Jon Oltsik

Senior Principal Analyst

  • Blogs
    Jul 13, 2009

    It's Not About North Korea

  • Blogs
    Jun 30, 2009

    Federal Cybersecurity: Boon or Boondoggle?

  • Blogs
    Jun 23, 2009

    Encryption for Data Destruction?

  • research briefs
    Jun 18, 2009

    Research Brief: Is Data Destruction a Compelling Use Case for Self-Encrypting Drives?

    To protect sensitive data, many storage vendors now offer encryption capabilities with their enterprise-class systems. In spite of increasing privacy legislation and an avalanche of publicly-disclosed data breaches, most large organizations believe their enterprise storage systems are relatively well-protected and thus continue to forego encryption. Some storage vendors are now proposing self-encrypting drives for another use case: data destruction. By deleting encryption keys, these vendors believe they can help enterprises automate data destruction processes. In theory, this is true—but ESG research demonstrates that, though key deletion for data destruction may have some niche market appeal, it is not a “killer app” for storage encryption across the broad enterprise market.

  • Blogs
    Jun 10, 2009

    Potential breach at T-Mobile? Yikes!

  • Blogs
    Jun 5, 2009

    Resume for the New Federal Cybersecurity Coordinator

  • research briefs
    May 19, 2009

    Research Brief: Laptop Encryption Steps into the Limelight

    While laptop computers and other mobile devices offer significant benefits in terms of convenience and employee productivity, the loss or theft of a mobile system containing confidential information continues to be an all-too-real nightmare for security organizations. With confidential data increasingly distributed across disparate users and devices, IT departments must ensure that mobile computing devices, such as laptops, are protected by a comprehensive security strategy that includes full-disk and other encryption technologies.

  • research briefs
    May 15, 2009

    Research Brief: The “Outside-In” Confidential Data Security Model

    Confidential data resides everywhere—from locked-down data centers to mobile devices—and is increasingly accessed by a wide range of constituents—from employees to contractors and business partners. How can CIOs and CISOs possibly secure confidential data when it is in a constant state of motion? The ESG “Outside-In” data security model seeks to put confidential data security in context by anchoring data security to risk metrics, categorizing risk zones, and recommending security controls. When properly and consistently applied, ESG believes that the “Outside-In” security model can help organizations improve confidential data security while making this data more productive for global network-based business processes.

  • research briefs
    May 5, 2009

    Research Brief: The Impact of VDI on Network Infrastructure

    The positive impact that server virtualization has had on computing infrastructures has led IT staffs to look for ways to extend these benefits to other areas of their operating environments. One such opportunity involves the centralization of desktop computing via VDI (virtual desktop infrastructure) technology. While centrally executing and managing desktop images offers many benefits to both IT and end-users, the potential impact on the network and other underlying data center infrastructure should not be overlooked.

  • research reports
    Apr 16, 2009

    Research Report: Protecting Confidential Data Revisited

    ESG surveyed 308 North American and Western European IT and information security professionals representing enterprise-class organizations (1,000 employees or more) that were responsible for or familiar with their organization’s current policies, procedures, and technologies used to protect and secure confidential information.

  • briefs
    Apr 15, 2009

    Business Enablement Demands Tight Identity and Security Integration

    Identity management and security were once thought of as independent IT activities but this is rapidly changing. Why? New business processes, web-based applications, external collaboration, and user mobility are driving tight integration between traditional identity management activities like user provisioning and authentication with security requirements like malware detection, information assurance, and auditing. Many technology vendors offer products in one or both of these areas but Microsoft stands out for its tight integration between identity, security, and its existing broad base Windows infrastructure.

  • Blogs
    Mar 16, 2009

    Cisco's Server Play

  • briefs
    Mar 16, 2009

    Cisco Announces Unified Computing System- Enters Blade Server Space

  • Blogs
    Mar 3, 2009

    U.S. Federal Government Picking Up the Cyber Security Cause

  • News
    Feb 19, 2009

    Slashed budgets? Think strategic, not tactical NetworkWorld

    We see a lot of tactical activity, and that's probably human nature to plug the obvious holes, said Jon Oltsik, senior analyst with Milford, Mass.-based research firm Enterprise Strategy Group. Click the link to read more.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.

Full Biography


Enter your email address, and click subscribe