Mike Small
Mike Small is a distinguished analyst at KuppingerCole. He is recognized as an authority on information security and data privacy in the use of cloud services. He has published extensive research into this area as well as provided consulting services. In his previous career he was the architect for a wide range of leading-edge system software and identity management solutions.
Roles & Responsibilities at KuppingerCole
Mike Small has been a Distinguished Analyst at KuppingerCole for more than 4 years. His current focus is security and risk management in the Cloud.
Background & Education
Mike is a member of the London Chapter of ISACA Security Advisory Group, a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. He has a first class honours degree in engineering from Brunel University.
Areas of coverage
- Cloud Security and Assurance
- Information Security Program Maturity Assessments
- Information systems resilience
- Data privacy and confidentiality
Professional experience
Until 2009, Mike worked for CA (now CA Technologies Inc) where he developed the identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA‘s IAM product line.
Latest research
Executive View
ShardSecure Microshard Technology
December 21, 2022
Organizations find themselves at the crossroads of data sovereignty and data privacy, resulting from cloud adoption. This has led to compliance with cross-border data protection laws and regulations becoming an important challenge. Data protection and data sovereignty laws and regulations…
Executive View
AWS Elastic Disaster Recovery
November 09, 2022
Data resilience and disaster recovery solutions are an essential element of business continuity plans and, as organizations go through digital transformation and become more dependent upon their IT services, the need for data resilience has grown. These solutions must not only support…
Leadership Brief
EU NIS2 Directive
July 28, 2022
Every organization needs to take steps to ensure their cyber resilience and this updated directive provides a useful framework for this. This report provides a summary of the technical obligations that NIS2 places on organizations together with recommended actions. This directive places…
Executive View
Arcserve Unified Data Resilience
July 19, 2022
Data resilience solutions are an essential element of business continuity plans and, as organizations go through digital transformation and become more dependent upon their IT services, the need for data resilience has grown. These solutions must not only support today’s hybrid multi-cloud…
Leadership Brief
Cyber Hygiene: The Foundation for Cyber Resilience
June 28, 2022
Most cyber incidents result from poor cyber hygiene. To avoid these, organizations must make sure that all the routine tasks needed to keep their systems, data, and applications safe are performed regularly and completely. This means creating a culture where everyone across the organization…
Executive View
Oracle Security Zones
May 10, 2022
Poorly managed security controls within a cloud services tenant’s resources are increasingly the cause of security incidents and compliance failures. Today’s dynamic infrastructure and development methodologies need a dynamic approach to cyber security. This report reviews Oracle Security…
Latest blog posts
Blog
How Does Using Cloud Services Alter Risk
August 22, 2022
I am often asked “does using a cloud service alter risk?” I always reply to this question with “well it depends”. Every organization has its own set of circumstances, and the answer needs to take these into account. It is also important to think about how the…
Blog
Digital Transformation - Multi-Cloud and Multi-Complex
May 06, 2022
Organizations are going through a digital journey to exploit the digital systems to create new services, get closer to their customers and to improve efficiency. This process has been accelerated by the COVID pandemic where survival depended upon being able to change. This has led to a…
Blog
Prepare, Prevent and Protect
April 06, 2022
Is your Digital Supply Chain your weakest Link?
In the 1950’s the Lyons restaurant chain in the UK built their own computer and wrote all the applications that they needed to manage and optimize their operations. This was called LEO – Lyons’ Electronic Office. …
Blog
When will Ransomware Strike? Should you Hope for the Best or Plan for the Worst
March 31, 2022
Why Backup and Disaster Recover is ever more important
In May 2021, the Irish health Service (HSE) was hit by a ransomware attack. According to the BBC this caused substantial cancellations to outpatient services and staff having to resort to paper-based systems. The service was still…
Blog
Log4j – How Well Did You Perform?
December 21, 2021
Over the past few weeks since this vulnerability was made public much has been written by many on what your organization should do about it. This is not the end of the story; Apache has already released 3 patches for related vulnerabilities, and you need to be ready for the next one…
Blog
A Sovereign Cloud Is About More Than Just Privacy
October 28, 2021
Using cloud services has now become an essential component of digital transformation. However, the dominant cloud service providers are not European and, following the recent Schrems II judgment, transferring personal data to these services has become increasingly problematic. This…
Latest videos
Webinar Recording
Why Data Resilience Is Key to Digital Transformation
October 21, 2022
As companies pursue digital transformation to remain competitive, they become more dependent on IT services. This increases the potential business impact of mistakes, natural disasters, and cyber incidents. Business continuity planning, therefore, is a key element of digital transformation,…
Analyst Chat
Analyst Chat #145: How Does Using Cloud Services Alter Risk?
October 17, 2022
The question whether using a cloud service alters risk is not simple to answer. Mike Small sits down with Matthias and explains, that every organization has its own set of circumstances, and the answer needs to take these into account. He explains the important factors to look at, and what…
Analyst Chat
Analyst Chat #142: Cyber Resilience: What It Is, How to Get There and Where to Start - CSLS Special
September 26, 2022
A key issue for many companies beyond technical cybersecurity is cyber resilience. This refers to the ability to protect data and systems in organizations from cyber attacks and to quickly resume business operations in the event of a successful attack. Martin Kuppinger, Mike Small, and John…
Webinar Recording
Managing Cyber Risk in a Hybrid Multi-Cloud IT Environment
September 14, 2022
Today’s IT environments blend applications and services from multiple public cloud networks, private clouds and on-prem networks, making it difficult to view and inventory assets deployed across complex hybrid networks, and keep track of the security risks. Organizations need to find…
Webinar Recording
The Changing Scope of the NIS 2 EU Directive
June 15, 2022
The NIS Directive aimed at achieving a common standard of network and information security across all EU Member States, with a focus on operators of essential services, is scheduled for an update. Suppliers of utilities, healthcare, transport, communications, and other services need to know…
Webinar Recording
Effective Cyber Risk Quantification Through Automation
June 07, 2022
Continual high-profile cyber incidents demonstrate beyond a doubt that cyber risks exist, but most organizations struggle to quantify cyber risk in a useful way. There is an urgent need for IT security leaders to find a common way to express cyber risk in monetary terms, that business…
