Amid rising threats from increasingly complex digital environments and mounting compliance burdens, RSA has stepped forward with a bold response—introducing a new suite of Identity Security Posture Management (ISPM) capabilities and expanding its enterprise-grade passwordless solutions. Presented at Infosecurity Europe 2025, these enhancements mark a significant evolution in identity governance and access security, aimed squarely at helping security-first organizations navigate modern challenges across hybrid and cloud ecosystems.
At the heart of RSA’s announcement lies a transformative approach to identity security. The new ISPM features, fully integrated into the RSA® Governance & Lifecycle platform, push beyond traditional Identity Governance and Administration (IGA) by emphasizing continuous risk evaluation and automated remediation. Enterprises today grapple with thousands—sometimes millions—of identities, many of which are machine-generated or orphaned, lingering long after their relevance has expired. In this environment, conventional static policies are not enough. RSA’s AI-powered dashboards provide the kind of dynamic, real-time insights that identity teams need to stay ahead of policy violations, excessive entitlements, and hidden vulnerabilities. These dashboards, expected to be generally available by Q3 2025, offer not just granular visibility, but curated, actionable data tailored for administrators, executives, and audit teams alike.
RSA’s pivot toward ISPM is a direct acknowledgment that reactive tools are no longer sufficient. As CEO Rohit Ghai noted, this shift is particularly critical for sectors like government, healthcare, and finance—where even minor breaches can result in catastrophic outcomes. With ISPM layered atop RSA’s mature governance workflows, organizations can now reduce their identity attack surface in a preemptive, structured manner while fulfilling rigorous regulatory demands. For those preparing for audits or attempting to comply with GDPR, SOX, or ISO 27001, these capabilities offer a level of clarity and control that transforms compliance from a periodic fire drill into a continuous, auditable process.
The other pillar of RSA’s Infosecurity announcement addresses a ubiquitous weak point in enterprise defenses: passwords. Expanding on the RSA® ID Plus platform, the company rolled out a wave of new passwordless features that aim to eliminate traditional login friction while fortifying security. Users can now log into Windows desktops using mobile passkeys or QR codes, a gesture toward both convenience and security. Entra ID support, coming in July, ensures that organizations committed to Microsoft ecosystems can also join this passwordless wave. The one-step enrollment process launching concurrently will lower barriers to adoption, making it easier for users to register MFA methods without prolonged hand-holding from IT support teams.
Legacy environments haven’t been ignored either. Through code matching in RADIUS deployments, RSA is equipping organizations to combat “prompt bombing”—a tactic increasingly used in multi-factor fatigue attacks—without overhauling their existing network infrastructure. Meanwhile, RSA Help Desk Live Verify offers a particularly compelling answer to social engineering attacks that target IT support channels. By embedding passwordless, bi-directional verification directly into the help desk process, it addresses attack vectors recently exploited against high-profile organizations like MGM Resorts and Christian Dior.
Rounding out the enhancements is RSA Mobile Lock, a hardening layer for the authentication process itself. By scanning user devices for jailbreaking, sideloading, app tampering, or malware, RSA is protecting not just the user’s identity, but the trustworthiness of the authentication mechanism as a whole—something often overlooked in passwordless discourse.
Together, these announcements present RSA not as a legacy identity vendor, but as a security-first innovator actively reshaping how enterprises understand and enforce digital trust. In a world where identity has become the new perimeter, RSA is not just keeping pace with change—it is redefining the rules.