Gartner Blog Network

Mike Wonham
Sr Director Analyst I
3 years at Gartner
22 years IT Industry

Mike Wonham works in GTP Security, Identity and Risk, focusing on data security, classification, DLP, risk process and measurement, security governance and programs and security metrics.

Privacy vs Cookies – who’s winning?

by Mike Wonham  |  August 7, 2020

The issue. Cookies do many things, all of which are useful to someone, many of which may be in contradiction with the end user. They can be complete security risks, and internet behemoths like Google have and continue to work on browser standards to reduce as much as possible such issues. (See, for example, […]

Security Vendors are THE Best At ‘Security By Obscurity’.

by Mike Wonham  |  June 24, 2020

Part of my role is to monitor vendors in my specialty area. Analysts do this in various ways: vendor briefings, discussions with clients, conferences and expos (although not so much this year), and the good old web search. A web search is a starting point. “Which vendors might solve this problem?” is a common […]

Numbers, Percentages, Targets and Trends (Security Metrics gone wrong)

by Mike Wonham  |  April 2, 2020

I see some strange proposals for security metrics. Individually of course every proposal carries meaning for the proposer so one shouldn’t criticize too harshly. But authors of metrics do need to remember that there’s no point measuring something unless you’re going to do something about it – and that means you need to measure that […]

Two Challenges for Data Security during COVID-19

by Mike Wonham  |  April 2, 2020

Data Security is seen by some as being the core reason for having security – especially for organisations who consider their data assets and how they process them as being how they make their money. Many organisations also look for compliance to privacy regulations as the relevant legislation continues to proliferate throughout the globe. COVID-19 […]

“It’s more about convenience than compliance”

by Mike Wonham  |  August 30, 2019

It’s a common refrain from our security clients: “our systems and processes are more about convenience than compliance”. (This is a direct quote from one of them.) Well of course they are. Most of your systems (and even more of your processes) were probably developed before the current set of laws and standards came into force. The […]

Privacy Engineering – the new DevOps?

by Mike Wonham  |  August 8, 2019

Once upon a time security was an afterthought. And the security profession tried to convince everyone that building security in from the start was cheaper, easier and more effective. Ok, increased prototyping costs, but then, prototyping without understanding the impact of security might be claimed to be somewhat pointless. Then DevSecOps appeared. (Yes, Gartner has […]
