Analyst details

Mike Small Senior Analyst

Stockport / UK

Experience:
40 years in IT industry
At KuppingerCole since 2009

Email    Blog    @MikeSmall64    Profile   

Roles & Responsibilities at KuppingerCole:

Mike Small has been a Distinguished Analyst at KuppingerCole since more than 4 years. His current focus is security and risk management in the Cloud.

Background & Education:

Mike is a member of the London Chapter of ISACA Security Advisory Group, a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. He has a first class honours degree in engineering from Brunel University.

  

Areas of coverage:

  • Cloud Provider Selection and Assurance
  • Information Security Program Maturity Assessments
  • Information Stewardship
  • Big Data

Professional experience:

Until 2009, Mike worked for CA (now CA Technologies Inc) where he developed the identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA‘s IAM product line.

Recent blog posts

Blog

Grizzly Steppe – what every organization needs to do

On December 29 th, the FBI together with CERT finally released a Joint Analysis Report on the cyber-attacks on the US Democratic Party during the US presidential election.  Every organization, whether they are based in the US or not, would do well to read this report and to ensure…

Blog

What Value Certification?

In the past weeks, there have been several press releases from CSPs (Cloud Service Providers) announcing new certifications for their services.  In November, BSI announced that Microsoft Azure had achieved Cloud Security Alliance (CSA) STAR Certification. On December 15 th , Amazon…

Blog

AWS re:Invent 2016 Blog

In the last week of November I attended the AWS re:Invent conference in Las Vegas – this was an impressive event with around 32,000 attendees. There were a significant number of announcements at this event; many were essentially more of the same but bigger, better based on what…

Blog

Democratized Security

At the AWS Enterprise Security Summit in London on November 8 th , Stephen Schmidt, CISO at AWS gave a keynote entitled “Democratized Security” .  What is Democratized Security and does it really exist?  Well, to quote Humpty Dumpty from the book Alice in…

Blog

Be careful not to DROWN

On March 1 st OpenSSL published a security advisory CVE-2016-0800 , known as “DROWN”. This is described as a cross-protocol attack on TLS using SSLv2 and is classified with a High Severity. The advice given by OpenSSL is: “We strongly advise against the use of SSLv2…

Blog

ISO/IEC 27017 was it worth the wait?

On November 30 th , 2015 the final version of the standard ISO/IEC 27017 was published.  This standard provides guidelines for information security controls applicable to the provision and use of cloud services.  This standard has been some time in gestation and was first…


Recent research documents

Executive View

Executive View: CensorNet Cloud Security Platform - 72529

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services.…

Executive View

Executive View: CipherCloud Trust Platform - 72530

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services.…

Executive View

Executive View: Skyhigh Cloud Security Platform - 72532

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services.…

Executive View

Executive View: Vaultive Cloud Data Security Platform - 72533

The data held in office productivity suites like Office 365 spans the whole operation of an organization from the board to the shop floor.  This makes it imperative that it is protected against risks of leakage and unauthorized disclosure.  Vaultive cloud data security provides an…

Executive View

Executive View: Emerging Threat Intelligence Standards - 72528

Threat intelligence is a vital part of cyber-defence and cyber-incident response. To enable and automate the sharing threat intelligence, OASIS recently made available the specifications for STIX™, TAXII™ and CybOX™ as international open standards. This report provides an…


Recent webcasts

Webcast

Enabling Cloud Access While Ensuring Security and Compliance

The cloud and mobile revolutions have changed the way we work and the very nature of IT. But these advances have also created immense new challenges and risks to security, data protection and compliance. In order to address these risks the Cloud Access Security Broker (CASB) market has…

Webcast

How to easily expand Identity & Access Management to the Cloud

Many large enterprises operate with a glut of access security platforms and tools that each service a specific silo of applications and resources. Most are proprietary, and many have expensive and time-consuming agent-based architectures. In addition, because they are usually very tightly…

Webcast

Big Data – Bigger Risks?

Big Data technologies were invented to store and rapidly process the vast amount of data available today into useful “Smart” Information. What is common across these technologies is that their initial aims are focused on data processing capabilities rather than security and…

Webcast

Managing Risk through Cloud App Authentication and 360° Control

The easy availability of IT services delivered as cloud services together with the revolution in the range of devices that are used to access these services has created challenges for organizations in the areas of security and compliance. Employees and associates can use their personal cloud…

Webcast

Access Governance in a Cloudy Environment

Organizations are increasingly using the new technologies of smart devices, cloud computing and social media to connect with their customers, improve service and reduce costs. To successfully exploit these new technologies organizations need to understand and manage the risks that these bring.


How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

Learn more

Digital Finance

The emergence and prominence of bitcoin and its underlying technology Blockchain with open source, real-time payments capabilities and without centralized regulatory authority has sparked the Financial Services industry into exploring how Blockchain technology might be applied to mainstream banking and insurance sectors. Blockchain technology goes further than just a distributed ledger. Another initiative gaining acceptance is Smart Contracts that use computer protocols to facilitate, verify, or enforce the negotiation or performance of a contract or that obviate the need for a contractual [...]

News