How can an organisation be sure that it is using cloud services in ways that meet its compliance obligations and its appetite for risk?

Watch the video


Download the presentation slides (PDF)


Most organisations now have a hybrid IT environment where services are delivered in multiple ways, some remaining on premises while others are delivered as cloud services. Cloud services provide an environment for accelerated development without the need for capital expenditure or lengthy procurement delays to obtain hardware. However, responsibilities for security and compliance are shared between the CSP (Cloud Service Providers) and the cloud customer. How can an organisation be sure that it is using cloud services in ways that meet its compliance obligations and its appetite for risk?

While CSPs take steps to secure the service they provide, it is up to the customer to ensure that they use cloud services in a secure and compliant manner. This is a challenge because of the dynamic nature of cloud services taken together with security features that are proprietary and differ between clouds. The term “Cloud Security Posture Management” (CSPM) refers to solutions that provide a way for cloud customers to continuously identify and control the risks associated with their use of cloud services.

This presentation will provide an overview of the risks and how these tools can help. After attending this presentation, you will be able to:

  • Describe the major risks related to the way organisations use cloud services.
  • Explain why cloud services need dynamic rather than static controls.
  • List the different kinds of tools (and their acronyms) that claim to manage these risks.
  • Describe the main functionality that a CSPM solution should provide.

Speaker biography 

Mike Small CEng, FBCS, MIET, CITP

Mike Small has over 40 years’ experience in the IT industry. He is a distinguished analyst at KuppingerCole and a visiting lecturer in information security at the University of Salford in England. At KuppingerCole Mike is responsible for research coverage in the area of security and compliance around cloud services. He has published extensive research into this area as well as providing consulting services to KuppingerCole customers around cloud policy and risk assessment.

Mike Small is a distinguished analyst at KuppingerCole. He is recognized as an authority on information security and data privacy in the use of cloud services.

Mike has published extensive research into this area as well as provided consulting services. In his previous career he was the architect for a wide range of leading-edge system software and identity management solutions.

Previously Mike worked for CA Technologies Inc (now acquired by Broadcom) where he developed the strategy for identity and access management and was VP responsible for product development. He is a frequent speaker at IT security events around EMEA and contributor to the security press. Mike began his career with International Computers and Tabulators (which later became International Computers Limited), where he was the architect for a number of leading-edge information technology development projects ranging from system software to artificial intelligence.

Mike is a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. He has a first-class honours degree in engineering from Brunel University.

Our events are for adults aged 16 years and over.

BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today

For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.


BCS is following government guidelines and we would ask attendees to continue to also follow these guidelines. Please go to for more information, advice, and instructions.

This event is brought to you by: BCS Information Security specialist group and BCS IRMA (Information Risk Management and Assurance) specialist group

Hybrid event: Cloud Security Posture Management - BCS ISSG
Date and time
Tuesday 5 September, 6:00pm - 7:30pm
BCS, The Chartered Institute for IT
Ground Floor, 25 Copthall Avenue
This event is sold out