Analyst details

Mike Small Senior Analyst

Stockport / UK

Experience:
40 years in IT industry
At KuppingerCole since 2009

Email    Blog    @MikeSmall64    Profile   

Roles & Responsibilities at KuppingerCole:

Mike Small has been a Distinguished Analyst at KuppingerCole since more than 4 years. His current focus is security and risk management in the Cloud.

Background & Education:

Mike is a member of the London Chapter of ISACA Security Advisory Group, a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. He has a first class honours degree in engineering from Brunel University.

  

Areas of coverage:

  • Cloud Provider Selection and Assurance
  • Information Security Program Maturity Assessments
  • Information Stewardship
  • Big Data

Professional experience:

Until 2009, Mike worked for CA (now CA Technologies Inc) where he developed the identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA‘s IAM product line.

Recent blog posts

Blog

Grizzly Steppe – what every organization needs to do

On December 29 th, the FBI together with CERT finally released a Joint Analysis Report on the cyber-attacks on the US Democratic Party during the US presidential election.  Every organization, whether they are based in the US or not, would do well to read this report and to ensure…

Blog

What Value Certification?

In the past weeks, there have been several press releases from CSPs (Cloud Service Providers) announcing new certifications for their services.  In November, BSI announced that Microsoft Azure had achieved Cloud Security Alliance (CSA) STAR Certification. On December 15 th , Amazon…

Blog

AWS re:Invent 2016 Blog

In the last week of November I attended the AWS re:Invent conference in Las Vegas – this was an impressive event with around 32,000 attendees. There were a significant number of announcements at this event; many were essentially more of the same but bigger, better based on what…

Blog

Democratized Security

At the AWS Enterprise Security Summit in London on November 8 th , Stephen Schmidt, CISO at AWS gave a keynote entitled “Democratized Security” .  What is Democratized Security and does it really exist?  Well, to quote Humpty Dumpty from the book Alice in…

Blog

Be careful not to DROWN

On March 1 st OpenSSL published a security advisory CVE-2016-0800 , known as “DROWN”. This is described as a cross-protocol attack on TLS using SSLv2 and is classified with a High Severity. The advice given by OpenSSL is: “We strongly advise against the use of SSLv2…

Blog

ISO/IEC 27017 was it worth the wait?

On November 30 th , 2015 the final version of the standard ISO/IEC 27017 was published.  This standard provides guidelines for information security controls applicable to the provision and use of cloud services.  This standard has been some time in gestation and was first…


Recent research documents

Executive View

Executive View: NextLabs Data Centric Security in the Hybrid Cloud - 72531

Organizations are adopting a hybrid model for the delivery of IT services a consistent approach is needed to govern and secure data on-premise, in the cloud and when shared with external parties. NextLabs Data Centric Security Suite provides a proven tool that can protect data and ensure…

Executive View

Executive View: CensorNet Cloud Security Platform - 72529

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services.…

Executive View

Executive View: CipherCloud Trust Platform - 72530

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services.…

Executive View

Executive View: Skyhigh Cloud Security Platform - 72532

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services.…

Executive View

Executive View: Vaultive Cloud Data Security Platform - 72533

The data held in office productivity suites like Office 365 spans the whole operation of an organization from the board to the shop floor.  This makes it imperative that it is protected against risks of leakage and unauthorized disclosure.  Vaultive cloud data security provides an…


Recent webcasts

Webcast

Enabling Cloud Access While Ensuring Security and Compliance

The cloud and mobile revolutions have changed the way we work and the very nature of IT. But these advances have also created immense new challenges and risks to security, data protection and compliance. In order to address these risks the Cloud Access Security Broker (CASB) market has…

Webcast

How to easily expand Identity & Access Management to the Cloud

Many large enterprises operate with a glut of access security platforms and tools that each service a specific silo of applications and resources. Most are proprietary, and many have expensive and time-consuming agent-based architectures. In addition, because they are usually very tightly…

Webcast

Big Data – Bigger Risks?

Big Data technologies were invented to store and rapidly process the vast amount of data available today into useful “Smart” Information. What is common across these technologies is that their initial aims are focused on data processing capabilities rather than security and…

Webcast

Managing Risk through Cloud App Authentication and 360° Control

The easy availability of IT services delivered as cloud services together with the revolution in the range of devices that are used to access these services has created challenges for organizations in the areas of security and compliance. Employees and associates can use their personal cloud…

Webcast

Access Governance in a Cloudy Environment

Organizations are increasingly using the new technologies of smart devices, cloud computing and social media to connect with their customers, improve service and reduce costs. To successfully exploit these new technologies organizations need to understand and manage the risks that these bring.


How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

Learn more

Security Operations Center

Today, the Security Operations Center (SOC) is at the heart of enterprise security management. It is used to monitor and analyze security alerts coming from the various systems across the enterprise and to take actions against detected threats. However, the rapidly growing number and sophistication of modern advanced cyber-attacks make running a SOC an increasingly challenging task even for the largest enterprises with their fat budgets for IT security. The overwhelming number of alerts puts a huge strain even on the best security experts, leaving just minutes for them to decide whether an [...]

News