Analyst details

Mike Small Senior Analyst

Stockport / UK

Experience:
40 years in IT industry
At KuppingerCole since 2009

Email    Blog    @MikeSmall64    Profile   

Roles & Responsibilities at KuppingerCole:

Mike Small has been a Distinguished Analyst at KuppingerCole since more than 4 years. His current focus is security and risk management in the Cloud.

Background & Education:

Mike is a member of the London Chapter of ISACA Security Advisory Group, a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. He has a first class honours degree in engineering from Brunel University.

  

Areas of coverage:

  • Cloud Provider Selection and Assurance
  • Information Security Program Maturity Assessments
  • Information Stewardship
  • Big Data

Professional experience:

Until 2009, Mike worked for CA (now CA Technologies Inc) where he developed the identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA‘s IAM product line.

Recent blog posts

Blog

Grizzly Steppe – What Every Organization Needs to Do

On December 29 th, the FBI together with CERT finally released a Joint Analysis Report on the cyber-attacks on the US Democratic Party during the US presidential election.  Every organization, whether they are based in the US or not, would do well to read this report and to ensure…

Blog

What Value Certification?

In the past weeks, there have been several press releases from CSPs (Cloud Service Providers) announcing new certifications for their services.  In November, BSI announced that Microsoft Azure had achieved Cloud Security Alliance (CSA) STAR Certification. On December 15 th , Amazon…

Blog

AWS re:Invent 2016 Blog

In the last week of November I attended the AWS re:Invent conference in Las Vegas – this was an impressive event with around 32,000 attendees. There were a significant number of announcements at this event; many were essentially more of the same but bigger, better based on what…

Blog

Democratized Security

At the AWS Enterprise Security Summit in London on November 8 th , Stephen Schmidt, CISO at AWS gave a keynote entitled “Democratized Security” .  What is Democratized Security and does it really exist?  Well, to quote Humpty Dumpty from the book Alice in…

Blog

Be careful not to DROWN

On March 1 st OpenSSL published a security advisory CVE-2016-0800 , known as “DROWN”. This is described as a cross-protocol attack on TLS using SSLv2 and is classified with a High Severity. The advice given by OpenSSL is: “We strongly advise against the use of SSLv2…

Blog

ISO/IEC 27017 was it worth the wait?

On November 30 th , 2015 the final version of the standard ISO/IEC 27017 was published.  This standard provides guidelines for information security controls applicable to the provision and use of cloud services.  This standard has been some time in gestation and was first…


Recent research documents

Leadership Compass

Leadership Compass: Cloud Access Security Brokers - 72534

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

Leadership Brief

Leadership Brief: Vorbereitung auf die EU-DSGVO: Sechs Schlüsselaktivitäten - 70340

Mit der kommenden EU-DSGVO (Datenschutz-Grundverordnung) im Mai 2018 verändern sich die Anforderungen an den Umgang mit personenbezogenen Daten. Dieser Report identifiziert sechs zentrale Aktivitäten, die innerhalb der IT unternommen werden sollten, um auf die Erfüllung…

Leadership Brief

Leadership Brief: Cloud Provider Codes of Conduct and GDPR - 70276

Codes of Conduct  can help organizations choose between suppliers.   This report  compares two recently announced codes for cloud service providers and how  these relate to GDPR .

Leadership Brief

Leadership Brief: Six Key Actions to Prepare for GDPR - 70340

From May 2018, when the upcoming EU GDPR (General Data Protection  Regulation) comes into force, the requirements for managing personal data will change. This report identifies six key actions that IT needs to take to prepare for  compliance.

Executive View

Executive View: NextLabs Data Centric Security in the Hybrid Cloud - 72531

Organizations are adopting a hybrid model for the delivery of IT services a consistent approach is needed to govern and secure data on-premise, in the cloud and when shared with external parties. NextLabs Data Centric Security Suite provides a proven tool that can protect data and ensure…


Recent webcasts

Webcast

Enabling Cloud Access While Ensuring Security and Compliance

The cloud and mobile revolutions have changed the way we work and the very nature of IT. But these advances have also created immense new challenges and risks to security, data protection and compliance. In order to address these risks the Cloud Access Security Broker (CASB) market has…

Webcast

How to easily expand Identity & Access Management to the Cloud

Many large enterprises operate with a glut of access security platforms and tools that each service a specific silo of applications and resources. Most are proprietary, and many have expensive and time-consuming agent-based architectures. In addition, because they are usually very tightly…

Webcast

Big Data – Bigger Risks?

Big Data technologies were invented to store and rapidly process the vast amount of data available today into useful “Smart” Information. What is common across these technologies is that their initial aims are focused on data processing capabilities rather than security and…

Webcast

Managing Risk through Cloud App Authentication and 360° Control

The easy availability of IT services delivered as cloud services together with the revolution in the range of devices that are used to access these services has created challenges for organizations in the areas of security and compliance. Employees and associates can use their personal cloud…

Webcast

Access Governance in a Cloudy Environment

Organizations are increasingly using the new technologies of smart devices, cloud computing and social media to connect with their customers, improve service and reduce costs. To successfully exploit these new technologies organizations need to understand and manage the risks that these bring.


How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

Connected Consumer Learn more

Connected Consumer

When dealing with consumers and customers directly the most important asset for any forward-thinking organisation is the data provided and collected for these new type of identities. The appropriate management of consumer identities is of utmost importance. Handing over personal data to a commercial organisation the consumer typically does this with two contrasting expectations. On one hand the consumer wants to benefit from the organisation as a contract partner for goods or services. Customer-facing organizations get into direct contact with their customers today as they are accessing their [...]

News