close
close
RSAC 2025 Conference: Identity Security Highlights

RSAC 2025 Conference: Identity Security Highlights

by

When RSAC 2025 goes back in the rear-view mirror, I wanted to share some of the identity security and data security knowledge, which I won with around 44,000 of my closest cyber security fans in San Francisco. There were four days to speak to security interns, providers, investors and other industry analysts to get insights into effective strategies in order to deal with extensive identities and data.

Below you will find the topics and remarkable innovations in identity security at the Big Show. If you could not participate, you will find a taste of the flood of cyber security inge. In RSAC.

Identity security continues to collect interest and investments

Identity security has many unresolved problems and plenty of space for efficiency gains, and investors provide innovations to achieve better results of identity security.

Identity continues to attract considerable risk control. Take a look at the recent financing highlights: Persona received $ 200 million for the identity examination, the security of $ 30 million for the detection and reaction (ITDR) and Veza 108 million US dollars for the identity government and management.

As the latest research in the corporate strategy group, now part of Omdia, investments in identity security continue to grow compared to other areas of cybersecurity investments.

Security for the agents -KI: The emerging challenge

The catchphrase at RSAC was a acting AI – a form of non -human identity in which agents can argue, plan, learn and adapt.

And if you don't know the acronym MCPThey are not part of the cool kids club. (For those who have overlooked it, MCP stands for the model context protocol, a protocol that offers a universal option to safely connect and interact external data sources, tools and environments.)

The providers talked about agents AI for security – application of agents to improve their products – and the security for the Agent -KI – to ensure that agents work safely. Use of Agentic AI to improve security that optimizes processes and enables security teams to do more work.

At RSAC, many content -related uses of AI agents to improve security were emphasized, including the security copilot agents of Microsoft and Google Cloud -KI security forces.

One topic that was created on the show was that the Agentic Ai is a complex challenge, but is primarily an identity problem.

Agents -ai protocols develop at a surprisingly fast pace. Anthropic presented MCP in November 2024 that Cisco-supported Agncy.org came to arrived in March 2025 and Google's agent2 agent came to April 2025.

The protocol acceptance moves quickly because companies see an opportunity for efficiency and growth. In a acting AI world, agents will have the agents call, call the agents. Standard protocols are of essential importance for interoperability between tools, platforms and providers.

If you work in a walled garden of a provider-for example, Salesforce Agentforce or Microsoft Security Copilot Agents-is relatively blocked, and authentication and authorization is well understood. From a point of view of identity security, it becomes interesting if you cross borders outside of walled gardens. Here I expect the company value to be activated by Agentic Ai. However, if you start moving and working with valuable information, there is the possibility for fraud and data compromises without guardrails and fine -grained approval.

Orchestrating the AI ​​agent -ecosystem is a rapidly developing space. The players come from many angles, including the following:

  • AI Agent Access Management – for example NATOMA Labs and Silverfort.
  • Identity management and administration for AI agents – for example conductor, Lumos, Sailpoint Technologies, Saviynt and Veza.
  • Securing the KI and MCP server infrastructure – for example cyberark and teleport.

Companies are under pressure to show a value from their generative AI investments, and the agents -KI offers a clear value for value. The protocols will continue to be developed, and the threats will eventually occur, but security managers should be involved in company talks with their compliance, cio and colleagues in order to remain the Agentic AI Security and to promote agents in a safe and compliant way.

Convergence and platforms: The long game

The convergence of solutions is widespread in many areas in cyber security, in which there are clear focus centers, including endpoint, network security and cloud security. Identity security in particular was a relatively fragmented space.

Most companies have one or more products in each of the areas that include identity security: Identity Governance and Administration (IGA), Access Management, Privileegd Access Management, ITDR, Identity Posture Management (ISPM) and NHI security.

This changes when the providers develop or acquire neighboring functions. For example, Cyberark Zilla for IGA, Saviynt added ISPM at RSAC, OKTA and Microsoft IGA products, and many providers have an element of NHI security in their products.

In conversation with practitioners at RSAC, it became clear that the history of convergence was a long game. Practitioners today have a heterogeneous stack of identity that has accumulated for many reasons. Most practitioners want to make sure that they have the best possible identity technology stack in the future. The people I talked to said they were ready to converge with their existing providers, but the prerequisite was to have the best possible functionality that would be worth paying the costs of switching off an existing product. Such changes do not occur overnight – they take years.

The identity technology convergence history, which is told, is convincing, but it will take some time before the identity teams methodically improve and develop their identity technology stack to solve today and tomorrow's challenges.

While the convergence rolls forward, the continued river continues between platforms and best-of-break. Innovative startups focus on considerable identity problems. For example, Silverfort, Push Security, Breez and Permiso Security with ITDR or passbolt with safe cooperation and registration. Such products will thrive by filling certain gaps that insufficiently or not at all cover converged products.

Last thoughts

RSAC 2025 recorded a large amount of announcements, innovations and interesting conversations. My research area includes both identity security and data security, but Identity security has seen so many measures at RSAC that I only focused on this article on this topic. I mark RSAC 2025 data security innovations in a separate article.

Did you notice anything at RSAC? Are you a provider with an interesting product? Put on LinkedIn to me.

Todd Thiemann is a main analyst that covers identity access management and data security for the corporate strategy group, which is now part of Omdia. It has more than 20 years of experience in cyber security marketing and cyber security.

Enterprise Strategy Group is part of Omdia. The analysts have business relationships with technology providers.

Leave a Comment