At RSAC Conference 2026, I had the opportunity to sit down with Kenn Chong, Principal Product Manager at RSA Security (RSA), to discuss how identity security is evolving — and why traditional approaches are no longer enough.
Our conversation centered on a clear theme: identity is now the primary attack surface, and securing it requires more than incremental improvements.
Building a Phishing-Resistant, Resilient MFA Ecosystem
Chong emphasized that RSA is focused on delivering a fully phishing-resistant MFA ecosystem, not just point solutions.
This includes a broad mix of authentication methods — FIDO2, biometrics, passkeys, hardware tokens, and QR-based authentication — designed to eliminate reliance on passwords while maintaining flexibility across environments.
What stood out to me was the emphasis on resilience. RSA is not just building for ideal conditions but for real-world scenarios, including outages, offline access, and hybrid environments where authentication must still function reliably.
Sovereign Deployment Becomes a Competitive Requirement
A key part of this strategy is sovereign deployment. Chong explained that organizations — especially those in regulated industries — are increasingly demanding control over where identity data resides and how it is managed.
RSA’s approach allows enterprises to deploy authentication infrastructure in ways that meet strict data residency and compliance requirements, which is becoming a critical differentiator in global markets.
RSA and Microsoft Deepen Identity Security Integration
RSA also used RSAC to highlight its expanding partnership with Microsoft, which reflects a broader shift toward integrated identity ecosystems.
The company announced enhanced support for Microsoft 365 E7, enabling tighter integration between RSA ID Plus and Microsoft’s identity and security stack.
This integration is designed to provide trusted authentication not only for human users but also for AI agents — an area that is rapidly becoming a new frontier in identity security.
According to RSA, this collaboration allows organizations to secure access across hybrid, cloud, and on-premises environments while improving operational resilience and user experience.
The integration also builds on RSA’s involvement in the Microsoft Intelligent Security Association (MISA), as well as its contributions to Microsoft Security Copilot and Entra ID through tools like the RSA Advisor for Admin Threats and the Admin Logs Connector.
These capabilities aim to give security teams better visibility and faster response to identity-based threats.
Securing Human and AI Identities
One of the most interesting insights from our discussion was how AI is reshaping identity risk. Chong noted that organizations must now account for both human and machine identities, as AI agents increasingly interact with sensitive systems and data.
This aligns with the perspective that identity security must evolve to protect every entity operating within an environment, not just end users.
The implication is clear: identity governance, authentication, and monitoring must extend to non-human actors in a meaningful way.
RSA’s continued investment in passwordless authentication reflects this shift. The company introduced new enhancements at RSAC, including updated desktop passwordless capabilities for macOS and Windows, advanced mobile passkeys with proximity verification, and expanded support for datacenter environments such as Linux and server infrastructure.
These updates are designed to ensure that passwordless authentication can be deployed universally — across users, devices, and environments — without sacrificing security or usability.
Why Resilience Matters More Than Ever
What I found particularly interesting is RSA’s focus on operational reality. As one executive noted in RSA’s press release, passwordless must work not just in controlled demos but in edge cases, outages, and complex enterprise environments.
This perspective reinforces the idea that identity security is no longer just about convenience or user experience — it is about maintaining trust and access under all conditions.
The Future of Identity Security: Three Key Pillars
From my conversation with Chong, it is clear that the future of identity security will be defined by three factors: phishing resistance, ecosystem integration, and resilience.
Organizations that continue to rely on passwords or fragmented authentication strategies will struggle to keep pace with evolving threats.
In contrast, those that adopt a comprehensive, passwordless approach — integrated with broader security platforms — will be better positioned to secure both human and machine identities.
As identity becomes the new perimeter, the stakes are only getting higher. The advancements RSA is making, particularly in partnership with Microsoft, signal a move toward more unified, adaptive, and resilient identity security models.
For security teams, the message is straightforward: securing identity is no longer optional — it is foundational to protecting the modern enterprise.
