With a limited IT/IT Security budget, should an organization make investments in the area of Security Awareness Training or Zero Trust?
Security Awareness training74%
Zero Trust25%
Sort by:
Zero Trust is nebulous here, but technical implementations are critical. Normally security awareness training is limited and often not well tailored to enterprise specific use cases.
Given that, invest in the basics - patching, monitoring, identity management, encryption, compliance… some of that can fit the zero trust buzzword, but don’t chase it.
Technology can still not compensate for the negligence and naivety of humans. The weakest link in the chain is still employees, so it's always better to invest in training/awareness than fancy technology if you don't have the basics.
There is no single product that is Zero Trust. It's a concept and can be achieved by combining various technologies.
If someone is selling you a Zero Trust product ... run away.
With limited budgets starting from the low-hanging fruits and education, employees are the obvious choice.
Zero trust topic is a part of security awareness training.