RSA Reinforces Digital Sovereignty with ID Plus Sovereign Deployment

RSA has announced ID Plus Sovereign Deployment, a new version of its identity platform RSA ID Plus designed for organizations that need to combine high availability, data control, and resilience against advanced threats. The announcement was made during RSAC Conference 2026 and positions the company in one of the most relevant cybersecurity conversations today: how to modernize identity management without forcing governments, banking, healthcare, or critical infrastructure to rely entirely on a standard cloud model.

RSA’s approach is based on a very specific idea: “deploy anywhere”. This means the ability to deploy a complete identity stack in private cloud, multicloud, on-premises, or even air-gapped configurations without, according to the company, sacrificing advanced functionality for authentication, access, directory, and identity governance. RSA argues that this approach responds to a landscape where regulatory and sovereignty demands are tightening, especially in sectors where service outages or loss of data control could have major operational and legal consequences.

A move designed for sectors where public cloud isn’t enough

RSA’s announcement doesn’t come in a vacuum. In Europe and other mature markets, regulatory pressure is mounting. The NIS2 Directive establishes a common cybersecurity framework for 18 critical sectors within the European Union, while DORA mandates the financial sector to enhance its digital operational resilience, effective from January 17, 2025. In this context, any identity provider aiming to stay relevant in regulated environments needs to offer more than a conventional SaaS platform.

RSA attempts to meet this need with an offering that, on paper, aligns well with public entities, financial institutions, critical infrastructure operators, and healthcare environments. These sectors often cannot rely solely on cloud models due to sovereignty, operational continuity, or sector regulations. RSA’s commercial argument is clear: if the client needs to keep identity data close to the data source, within their own perimeter, or even isolated from the internet, the platform must support them without degrading capabilities.

What exactly does RSA’s new proposal include?

According to the official release, RSA ID Plus Sovereign Deployment integrates capabilities such as MFA, SSO, access, directory, and IGA within a single platform and promises to keep them available in any supported deployment model. Notable features highlighted by the company include passwordless phishing-resistant authentication, offline passwordless options, additional security with RSA Mobile Lock, risk analysis via RSA Risk AI, and fraud prevention in help desk operations through RSA Help Desk Live Verify. Furthermore, RSA emphasizes that the solution can be deployed alongside RSA Authentication Manager to provide redundancy in cloud-down scenarios.

The company emphasizes that the platform maintains enterprise governance, role-based controls, approval workflows, and full action traceability. This point is crucial because one of the biggest challenges in sovereign identity isn’t just where the software runs, but how to preserve auditability and control when operating in complex, distributed, or highly restricted environments.

Identity becomes a geopolitical and regulatory piece

Beyond the product, RSA’s announcement reflects a broader trend: digital identity is no longer just seen as a security layer or user experience feature but as a critical infrastructure tied to technological sovereignty. In recent years, Europe and other regions have intensified discussions around data localization, reliance on large providers, and maintaining control over strategic services. Identity sits at the heart of this debate because it often serves as the gateway to everything else.

When an organization needs to ensure that access data, logs, authentication flows, or authorization decisions remain within specific jurisdictions or physical locations, the IAM platform ceases to be just a tool and becomes a strategic asset. RSA aims to occupy this space by offering a narrative aligned with this demand: same stack, same controls, different environments.

A strong promise that now needs to prove real execution

As with nearly all announcements at RSAC, it’s important to carefully separate potential value from commercial positioning. RSA presents its new sovereign deployment as a “groundbreaking” evolution and describes it as the first and only full-stack identity solution for such environments, an assertion that should be read as part of its marketing message rather than as an indisputable, market-verified fact.

The key question isn’t just whether the idea makes sense—it does—but whether RSA can demonstrate in real customer deployments that it can deliver a consistent, secure, and auditable experience across all deployment models. In identity, the promise can sound elegant on paper, but real-world success depends on integration with legacy systems, operational ease, latency, service continuity, and compliance with audits and regulators.

Nevertheless, the move is significant. RSA is seeking to regain prominence in a market layer where trust, availability, and control are just as crucial as innovation. As regulations like NIS2, DORA, and sovereignty requirements reshape purchasing decisions, offering identity solutions that can be “deployed anywhere” is no longer just a business advantage—it increasingly appears as a necessary condition for serious competition in certain sectors.

Frequently Asked Questions

What is RSA ID Plus Sovereign Deployment?
It’s a new variant of the RSA ID Plus platform designed for organizations that require high security, data control, and deployment flexibility in private cloud, multicloud, on-premises, or isolated environments.

Which sectors are primary targets for this solution?
RSA officially targets public administrations, financial services, healthcare, and critical infrastructure, where regulatory compliance and availability are particularly sensitive.

Why does it align with regulations like NIS2 or DORA?
Because these regulations strengthen cybersecurity, resilience, and operational control obligations in critical and financial sectors—making platforms that combine modernization with sovereignty and traceability more valuable.

Is it already available?
RSA announced it at RSAC 2026 and incorporates it into its current catalog. Actual deployment will depend on client type, environment, and deployment model.

via: rsa
