RSA’s passwordless push and ISPM focus: what changes for IAM teams

TL;DR: RSA frames its next phase around enterprise passwordless, higher-assurance identity for regulated environments, and identity security posture management, while tying those priorities to rising identity complexity and a workforce gap of roughly 83 cybersecurity workers for every 100 open jobs, according to RSA. The practical signal is that identity programmes now need stronger assurance, clearer risk prioritisation, and broader lifecycle governance, not just better login flows.

NHIMG editorial — based on content published by RSA Security: The Next Chapter for RSA

By the numbers:

• With roughly 83 cybersecurity workers for every 100 jobs, AI-powered cybersecurity tools can help organisations keep identities secured.
• Only 5.7% of organisations have full visibility into their service accounts.
• 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.

Questions worth separating out

Q: How should organisations govern passwordless authentication in regulated environments?

A: Treat passwordless as an access assurance programme, not a convenience feature.

Q: Why do IAM programmes need identity security posture management?

A: Because access risk now accumulates across too many identities, entitlements, and environments for periodic review alone.

Q: How can security teams use AI in identity governance without over-automating decisions?

A: Use AI for correlation, prioritisation, and analyst support, but keep policy decisions, exceptions, and approvals human-owned.

Practitioner guidance

• Define passwordless coverage boundaries Map which applications, device types, and user populations are in scope for passwordless and where fallback methods remain allowed.
• Use ISPM to drive remediation ownership Route posture findings into named remediation workflows for access owners, application owners, and governance teams.
• Review identity controls across human and machine access Assess whether the same governance model can handle employee identities, service accounts, and other machine users without manual exceptions.

What's in the full article

RSA’s full blog post covers the operational detail this post intentionally leaves for the source:

• The product and platform specifics behind RSA’s passwordless roadmap across different device and application environments.
• The ISPM dashboard capabilities inside RSA Governance & Lifecycle and how the vendor positions them for compliance workflows.
• The way RSA describes AI-enhanced risk scoring and how it fits into its IAM and IGA data model.
• The regulated-industry deployment context that the source uses to frame higher-assurance identity requirements.

👉 Read RSA Security’s update on passwordless, ISPM, and identity AI →

RSA’s passwordless push and ISPM focus: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →