Jon Oltsik

Senior Principal Analyst

  • briefs
    Aug 12, 2009

    The Case for Log Management Warehousing

    There is no longer a question as to whether large organizations need log management solutions. But as log management and analysis needs evolve, legacy products can't scale, accommodate uncommon log file formats, or provide the right level of real-time or historical analysis. These requirements are driving a transition to a new model called log management warehousing. Similar to "top-down" data warehousing, log management warehousing will evolve to become a centralized enterprise service over the next few years.

  • Blogs
    Aug 11, 2009

    What's Going on With the Federal Cybersecurity Coordinator?

  • News
    Aug 6, 2009

    How to Evaluate, Compare and Implement Enterprise Antivirus - CSO Online - Security and Risk

  • Blogs
    Aug 5, 2009

    Cloud-based Web Threat Management

  • News
    Aug 4, 2009

    Encryption key management: New standards on the horizon

  • Blogs
    Jul 27, 2009

    Web Threats Meet the Cloud

  • briefs
    Jul 22, 2009

    Evaluating Cloud Storage Security

    By far, the number one question users considering a move to cloud storage ask is whether or not their data will be secure. Storing data offsite doesn't change data security requirements; they are the same as those facing data stored onsite. Security should be based on business requirements for specific applications and data sets, no matter where the data is stored. Users evaluating cloud storage service providers should demand the same type of security controls they would in their own data centers with regard to physical security, data encryption, and network security.

  • Blogs
    Jul 13, 2009

    It's Not About North Korea

  • Blogs
    Jun 30, 2009

    Federal Cybersecurity: Boon or Boondoggle?

  • Blogs
    Jun 23, 2009

    Encryption for Data Destruction?

  • research briefs
    Jun 18, 2009

    Research Brief: Is Data Destruction a Compelling Use Case for Self-Encrypting Drives?

    To protect sensitive data, many storage vendors now offer encryption capabilities with their enterprise-class systems. In spite of increasing privacy legislation and an avalanche of publicly-disclosed data breaches, most large organizations believe their enterprise storage systems are relatively well-protected and thus continue to forego encryption. Some storage vendors are now proposing self-encrypting drives for another use case: data destruction. By deleting encryption keys, these vendors believe they can help enterprises automate data destruction processes. In theory, this is true—but ESG research demonstrates that, though key deletion for data destruction may have some niche market appeal, it is not a “killer app” for storage encryption across the broad enterprise market.

  • Blogs
    Jun 10, 2009

    Potential breach at T-Mobile? Yikes!

  • Blogs
    Jun 5, 2009

    Resume for the New Federal Cybersecurity Coordinator

  • research briefs
    May 19, 2009

    Research Brief: Laptop Encryption Steps into the Limelight

    While laptop computers and other mobile devices offer significant benefits in terms of convenience and employee productivity, the loss or theft of a mobile system containing confidential information continues to be an all-too-real nightmare for security organizations. With confidential data increasingly distributed across disparate users and devices, IT departments must ensure that mobile computing devices, such as laptops, are protected by a comprehensive security strategy that includes full-disk and other encryption technologies.

  • research briefs
    May 15, 2009

    Research Brief: The “Outside-In” Confidential Data Security Model

    Confidential data resides everywhere—from locked-down data centers to mobile devices—and is increasingly accessed by a wide range of constituents—from employees to contractors and business partners. How can CIOs and CISOs possibly secure confidential data when it is in a constant state of motion? The ESG “Outside-In” data security model seeks to put confidential data security in context by anchoring data security to risk metrics, categorizing risk zones, and recommending security controls. When properly and consistently applied, ESG believes that the “Outside-In” security model can help organizations improve confidential data security while making this data more productive for global network-based business processes.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.

Full Biography