Notifications
Clear all
Topic starter
25/06/2026 3:09 pm
TL;DR: RSA says Greg Nelson will succeed Rohit Ghai as CEO on September 15, while the company doubles down on passwordless, AI, posture management, and high-assurance identity for security-sensitive organisations managing more than 60 million identities. The change matters because leadership shifts often reshape product direction, delivery priorities, and platform risk assumptions in identity programmes.
NHIMG editorial — based on content published by RSA Security: RSA announces CEO transition to lead new phase of growth
By the numbers:
- More than 9,000 high-security organizations trust RSA to manage more than 60 million identities.
- Clearlake Capital Group manages more than $90 billion of assets under management.
Questions worth separating out
Q: How should identity teams respond when a major vendor changes CEOs?
A: Treat it as a strategic signal, not a procurement event.
Q: Why does passwordless need governance, not just deployment?
A: Passwordless changes the trust boundary, so enrolment, device binding, account recovery, and fallback authentication all need policy control.
Q: How do AI features change identity security operations?
A: AI can improve anomaly detection and response speed, but it also makes ownership boundaries more important.
Practitioner guidance
- Review identity-roadmap ownership across teams Confirm which group owns authentication, governance, posture, and recovery decisions so the vendor strategy does not outpace internal accountability.
- Validate passwordless recovery paths Check enrolment, lost-device, fallback, and help-desk recovery flows before broadening passwordless beyond a pilot.
- Define AI decision boundaries in identity operations Document which identity alerts or recommendations AI may generate, which actions it may automate, and where human approval remains mandatory for privileged or sensitive accounts.
What's in the full analysis
RSA's full press release covers the corporate transition detail this post intentionally leaves for the source:
- The formal leadership timeline for Greg Nelson and Rohit Ghai, including the post-transition advisory role.
- The company framing around accelerated growth, market position, and investment priorities.
- The description of RSA's current platform positioning across passwordless, AI, posture management, and identity governance.
- The corporate background on Clearlake Capital Group and STG, including ownership context and investment history.
👉 Read RSA Security's announcement on its CEO transition and identity strategy →
RSA CEO transition: what does it mean for identity teams?
Explore further
25/06/2026 4:30 pm
Leadership change in identity security is really a control-model signal. When a vendor shifts chief executives while keeping the same strategic pillars, buyers should read that as continuity in the market's core assumptions rather than a reset. In identity, the assumptions that matter are assurance, policy consistency, and the ability to govern access across environments without losing accountability. Practitioners should judge the market by whether those assumptions still hold in their own programmes.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: What should organisations measure in identity posture management?
A: Measure whether identity state still matches intended policy: privileged roles, authentication strength, dormant access, recovery exposure, and exceptions that persist beyond their approval window. A posture programme is working when it surfaces drift early enough to act on it before it becomes an audit issue or an incident.
👉 Read our full editorial: RSA CEO transition signals a push toward identity growth
