RSA launches sovereign identity deployment for sectors
RSA has launched RSA ID Plus Sovereign Deployment, aimed at organisations that need identity systems to meet data sovereignty requirements.
The product extends RSA's ID Plus identity and access platform with deployment options across private cloud, multi-cloud, on-premises, and air-gapped environments. It is designed for sectors such as government, financial services, critical infrastructure, and healthcare, where systems must remain available while keeping sensitive data within national or organisational boundaries.
The launch reflects growing demand from regulated industries for identity systems that can operate across different infrastructure models without moving data outside approved locations. Data residency requirements, cyber rules, and operational resilience obligations have pushed many organisations to review where identity services are hosted and how they function if internet connectivity is lost or restricted.
The new offer combines authentication, access, directory services, and identity governance and administration in a single deployment model that can be used in different environments. It also supports passwordless authentication methods, including offline options, and can work alongside RSA Authentication Manager to provide backup authentication and access during cloud outages.
RSA presented the product as part of a broader push to support organisations facing tighter oversight and more complex operating conditions. These buyers often need to balance modern identity controls with domestic data handling laws, legacy infrastructure, and isolated networks.
Greg Nelson, chief executive officer at RSA, said the product was built in response to customer concerns over regulation, resilience, and cyber risk.
"RSA ID Plus Sovereign Deployment is a direct response to the intensifying regulatory landscape, operational realities, and emerging threats that our customers face," Nelson said.
He said the product is intended for organisations where identity failure would have significant consequences.
"We built this solution for high-assurance organizations where failure is not an option and where compromise is a non-starter. RSA ID Plus Sovereign Deployment ensures that government agencies, financial services, healthcare, and critical infrastructure maintain the highest standards for data sovereignty, regulatory compliance, and security integrity," Nelson said.
Regulated sectors
Identity security has become a bigger issue for sectors operating under national and sector-specific rules. Governments have introduced measures requiring stronger authentication, better control over privileged access, and tighter handling of personal and sensitive operational data. At the same time, many large organisations still run mixed estates that include cloud services, internal data centres, and disconnected facilities.
The product is aligned with a range of policy and regulatory frameworks, including Executive Order 14028, OMB M-22-09, OMB M-24-14, NIS2, and DORA. These frameworks have raised expectations around cyber resilience, identity assurance, and incident preparedness, particularly in the public sector and among operators of essential services.
RSA also highlighted phishing-resistant passwordless authentication and controls intended to address help desk fraud and bypass attacks. These attack paths have become a growing focus for security teams as threat actors increasingly target identity recovery processes and support channels instead of relying solely on email phishing.
Kevin Orr, president of federal and strategic at RSA, said the launch responds both to a changing threat environment and to the practical complexity customers face.
"In a threat landscape where standing still is its own vulnerability, RSA is raising the bar," Orr said.
He said the product covers a broader set of identity functions across varied deployment environments.
"RSA ID Plus Sovereign Deployment is the first and only full stack identity solution that enables government agencies, financial services, critical infrastructure, and healthcare organizations to modernize their identity infrastructure while meeting regulatory requirements and supporting operational complexity-without ever compromising on security or availability," Orr said.
Market pressure
The announcement comes as identity suppliers compete to show they can support sovereign and local deployment requirements, particularly in Europe and in government-linked projects. Customers in these markets have been looking for alternatives to identity tools that depend heavily on centralised cloud delivery or offer reduced functionality outside a vendor-managed environment.
For RSA, the launch also underlines an effort to position its identity portfolio around organisations with complex assurance needs, rather than focusing solely on mainstream enterprise cloud adoption. More than 9,000 organisations use its products to manage more than 60 million identities across on-premises, hybrid, and multi-cloud environments, according to the company.
By focusing on deployment flexibility and continuity during outages, RSA is targeting a part of the identity market where infrastructure choices are often shaped as much by policy, risk, and physical operating conditions as by cost or convenience.
The product supports environments as restrictive as air-gapped systems and mobile-free secure rooms, extending identity controls into settings where external connectivity and standard user devices may not be available.