Transcript
Mike Matchett: Hi Mike Matchett with Small World Big Data and I'm back talking with RSA, the Kings kingpins, maybe even security. Uh, probably the most famous security company we have around. I've got Jim Taylor here. We're going to talk about a couple cool things that are current. We're going to talk about AI, of course, and all directions. We're going to talk about, uh, passwordless passkeys because that's confusing to a lot of people. And then we're going to talk about something called sovereign deployment, uh, which is, is a kind of capability that people need to pay more attention to in this land of agentic disparate global data. So just stay tuned. We got a lot of cool topics coming up here and we'll get right into them. Hey, Jim, welcome to our show. How are you guys doing? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Hey, Mike. Great to see you again. Yeah. Everything's good. How are you? Mike Matchett: Good, good. I think last we talked was at an RSAC, uh, probably the 2025 ones. It's been been a, been a year. Uh, there are lots of things that are going on in the world. Uh, let's just start with the big one. Let's start with AI, right? And RSA is got to be at the forefront of this. Of what, how you defend against AI, how you use AI for good, how you know what's going to happen to AI next six months. You've probably got an interesting thing to say. So let me just start with this question of, uh, do you guys use AI? Is, is RSA all in on AI? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yes. Mike. Yeah, absolutely. We are. Um, not just all in on it, but all in on defending against it as well. As you said, it's like the number one headline, the number one talking topic, uh, just about everywhere. So yeah, we are very big into the world of non-human, particularly AI right now. Um, it's, uh, one of our primary kind of strategic initiatives that we're focused on this year are. Mike Matchett: Are you looking at AI in kind of a an enablement perspective or more from how to defend against it? How do you guys view view AI currently? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah, sure. Great question. So, um, the easiest way to describe it is we really look at it as three themes within the big AI bucket. Okay. So the first theme, uh, which you see a lot of folks doing a lot of, uh, you know, vendors around the world is how do we leverage AI? How do we make our products better? How do we make them more secure? So AI is great at doing things like data analytics. And I can point it at a big pile of login data and say, hey, go tell me what are the risks in that? Ai is great as, uh, kind of an advisor for configuration, those kinds of things. Recommendation engines. So how do we leverage AI is really theme one. And we have, you know, a full range of capabilities. We're adding more every day on how best to use AI as a security tool. So that's theme one. Theme two for us is how do we defend against AI? Um, you know, I would say that cyber adversaries certainly have a little bit of a head start and an advantage right now. They've been leveraging AI capabilities, uh, for quite some time. And so the security industry as a whole needs to kind of catch up and do a better job of defending against it. What I mean when I say that is things like, you know, using AI to socially engineer somebody to do background research, I can have AI go look at you, Mike. Tell me everything I need to know. I don't have to do that research anymore. I have a little willing assistant that will do it for me. Deepfakes, right? Things like video voice are getting so good now when I'm looking over my kid's shoulder or whatever as they browse the internet. And I really, I, I didn't know that, you know, the president could do that dance. Like it's, you know, it's, it's everywhere. And the quality is astounding. So I know, so defending against AI and what we found was as security improved, you know, as all good adversaries do is they probe for the weak spots. So very common attack vector right now is things like help desks. Um, it's really easy for me to contact the help desk and say, hey, I'm Mike, I'm in a situation, you know, this, this, this. I lost my phone. I need help, right? I can put pressure on the help desk. Ai is great at doing things like that. So having the ability to leverage, you know, help desk security, not just the front door anymore, but all the side windows and the back door. I need to secure everything because AI is probing everything. So that's a second kind of core big theme for us. And then the third one is, uh, you know, the Hollywood theme, which is a gigantic, uh, you know, we're seeing all sorts of agentic agents. Jen. Ai, you know, everybody is spitting up these little digital bots that are running around and doing what? Right. We don't know. So a lot of the companies, a lot of the organizations that we talk to, it really starts with, hey, awareness, do I have a problem? How many AI agents are running around in my environment and what are they doing? So that's a core area of focus for us as well. So we really split it into those three themes. Mike Matchett: All right. So you know, the I mean, I think I think we understand just from past coverage, our audience probably is pretty comfortable with the idea of AI as a white hat kind of tool. Yeah. Um, we're becoming more aware of things like mythos as, as we talked to a bunch of vendors and say like, oh, you know, it can also be a hacking tool in a big, big way coming up with some very creative ways to combine vulnerabilities that might seem minor, uh, into a major attack. Uh, and, uh, so we need to defend on those things. But this idea of the agentic AI hacking swarm or the even just the, uh, inability to tell if it's doing good or bad things today. I think that's kind of that kind of scares me the most. Right? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah. No, I would agree. Right? Because what are these agents doing? There's countless, you know, you can go down a Google rat hole or a YouTube rat hole and find all sorts of stories, right? You know, I create an agent. It is imbued with my entitlements, my, uh, capabilities. I ask it to do something it can't do. It's going to go ask another agent, maybe my boss's agent that's got more permissions, more entitlements, right? You know, we tell these things, hey, go create, go be creative and solve this problem. Why would we then be surprised when it's creative to solve the problem? Right? Mike Matchett: So, Jim, if we launch a swarm of agents on our behalf, that goes and does some inadvertent hacking, what color hat would we say they're wearing in our world? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Uh, I would say they're going to wear any color hat they need to, to get the job done. Mike Matchett: The multicolored hat of our agents form. Jim Taylor, President, Chief Product and Strategy Officer, RSA: They have no scruples, no morals, you know, unless you give them those things. Yeah. You've given them a task. And unless you set rules, unless you set guardrails. Mike Matchett: You. Jim Taylor, President, Chief Product and Strategy Officer, RSA: Can do whatever they need to do. Mike Matchett: I think I think we're in trouble here. Okay. Um, so let's talk about some good some good news of, of, well, not that we can't use AI for good or bad, but let's talk about something where we may be winning a little bit more, which is passwordless. So the idea of passwords, the time we all know the time has come. We've all cheated on passwords ourselves. No matter how good a security professional we think we are at times. We've always made some easy passwords. We've probably written some down. I'm looking over at my desk and yes, there's a post-it note right there with a password on it that I didn't get somewhere else. Um, and, uh, that's embarrassing to me, actually. Uh, so, uh, Pat, tell us about passwordless. So this is something you guys have been working on. What is, what is, what is really, uh, what are we really changing up for? So instead of a password, we're using a private key of some kind. But what does that look like in practice? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah, absolutely. So, you know, as a long time, you know, career security professional, I've been trying to kill passwords for the last 30 years. Uh, you know, it feels like we're finally there, which is great. And so really the core concepts behind passwordless are, you know, having that credential that shared secret that I have to write down or remember that it then makes more complicated for me by making me change it every 30 days and, you know, uppercase, lowercase, right? Just doesn't work. So, uh, we're looking at new techniques, new technologies, and really proud of our work and participation of the Fido standards body and the work that Fido has done with things like passkeys. Right. So there is now a secure credential that people can use, but it's anything that's not a password. So biometric is the same, right? Like you do it every day, you face ID into your phone or you use your thumbprint, you use touch or something, right? That's not a password, but it is a credential. So we're at the stage now where passwordless is real. We're seeing a lot of enterprises really moving to that deployment phase. You know, the ability to get to 100% passwordless is available today. We were really excited. We actually took RSA passwordless and did a case study with the Fido Alliance and published that. But passwordless is achievable. It's now, it's today. Let's get out there and end the terror that is passwords. Mike Matchett: Right? So and, and, you know, we were talking a little bit about the effort to go Pass with this, and I think there is a case to be made that it can actually save money to the organization that goes passwordless because of help desk calls. And when you do that whole ROI. Yeah, there's actually there's actually a cost justification for doing it as well as the security benefit, which is incalculable in a lot of ways. Uh, but one of the, one of the frontiers of going passwordless is, is getting to that, like the networking problem, right? It's that last mile, right? Getting to those, getting to those bigger, heavier apps that may be more legacy, uh, apps on that. So, so where are we at today on getting passwordless out to that final that those final elephants that might be. Jim Taylor, President, Chief Product and Strategy Officer, RSA: That last month. So, you know, happy to report RSA is 100% passwordless. So we have no passwords in our environment. Um, you know, and we really focused on the hard problem. So you're 100% right, Mike. The, the first bit is easy, right? Web based passwords, passwords in my browser. You know, the internet, the browsers, they will handle that. Where it gets hard is how do I solve the desktop? You know, okay, I've got a windows machine. Well, my buddy, he likes a Mac, you know, and his friend likes a Linux machine, right? So it's not solving it in one place. It's solving it in every place that the real solution is, as you said, you know, then I go back to things like Wi-Fi and getting onto the network. I go back to legacy infrastructure, mainframes and, you know, all banking applications or things like that. So we've really worked really hard to be able to, uh, essentially deliver a 100% passwordless, whatever the infrastructure, whatever the use case, whether it's web, desktop, or legacy infrastructure, we've got you covered. So we're really excited about it. My going passwordless for us was, you know, a lifetime kind of career goal. Mike Matchett: So kind of free coming freeing on that. Uh, and, and we know, uh, three M stocks probably going to dive on this announcement because, uh, people are of buying a lot fewer Post-it notes. Um. Jim Taylor, President, Chief Product and Strategy Officer, RSA: Exactly. Mike Matchett: Uh, and, and there is a tie in somewhat between what we were just talking about with AI, AI agents and this idea of credentials that are, you know, can't be forged very easily. Uh, we don't really have time to go into that a little bit, but maybe just briefly, what, what, how does passwordless help us with our AI efforts eventually? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah. So, you know, the same challenges that we faced with humans, we faced with AI. So, you know, at some point, we want to get all of these agentic agents under control. Uh, you know, we want awareness and inventory. First thing every organization I talk to asks me is, do I have a problem? How many agents are running around? Okay. So we help them identify how many agents are in their systems. The next thing I need to do is make those agents prove who they are, right? I need them to authenticate. I need them to Authorize. I need to know what they're unable to do. Are they allowed to look at this file or not? Right. Which is critical. So basic security. So I think the key here is identity has become the new perimeter again. And that's for human nonhuman and agentic. So I encourage people to think about an agentic agent and say it's an identity that's running around in my world doing stuff. What would I apply to a human, and how do I apply that to that agentic identity? If I can have the same controls, authentication, authorization, governance, if I can inventory them, apply policy to them, then I can be secure. Mike Matchett: Right? And we don't want to repeat that mistake of saying, here's give all my agents, all my passwords because they'll share them. They'll write them down, they'll store them deep in the models. We don't know where they're going at that point. Jim Taylor, President, Chief Product and Strategy Officer, RSA: Well, first they'll laugh at us, right? Because you know. Mike Matchett: Yeah. Uh, yeah. So you can do a better password than that. Okay, so the last thing we want to. I want to sort of talk to you about here real quick is this idea of, I guess it's a governance and compliance issue at first, but it's really a matter of knowing where your data is and, and having control of it. And for a lot of people, when we start talking about SaaS software and security software and services on the internet, you know, credentials go everywhere. Data goes everywhere. Even if you, you know, if a company says it's here, they'll go down and they'll recovery area will be over there and suddenly all your data is over there. Or maybe it always was in copy and now it's now you just know. Right. So, you know, resiliency is an issue. This what what is our position on this idea of, um, you know, where data lives, where data is supposed to be, uh, the compliance aspect of keeping security and data credentials where they need to be. Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah. No, absolutely. So, so we've announced and are working on a capability that we call, uh, you know, sovereign deployment. Uh, Mike. And really, that's borne out of, you know, our view of the world. We've seen and had incidents ourselves. We've seen our customers have incidents, right? Everybody essentially kind of handed off control, uh, certainly control of their security to, you know, big, as you said, you know, cloud vendors, SaaS vendors, you know, I'm consuming something else. It's the, it's the rent it, not buy it model, right? It's Netflix versus owning the DVD, right? So there's a lot of benefits to doing that, which is great until the internet goes down or until there's an issue and I can't get to it. So our view on that is, you know, particularly where we live, which is the no fail identity zone, right? We deal with a lot of, you know, high assurance governments, financial institutions, you know, healthcare providers, critical infrastructure. That stuff cannot fail. We cannot have, you know, a cyber attack and lose all power on the East Coast. That's just not okay. So we're developing a capability which we describe as sovereign deployment, and it's really about putting that control back in those entities hands. They get to decide how best to consume the technology deploy anywhere model. Now most vendors have, you know, a deploy somewhere, model and deploy somewhere else at a slightly lesser capability type model. We're not doing that. We've said every capability that we offer, every function that we have the full stack, you trust RSA to secure you. We should not be involved in that conversation of how you consume that technology. So we want to give that control back and say, if you want to put it in an air gap network, if you want to be redundant across 15 physical sites, if you want to be from, you know, across three different cloud vendors and on prem, uh, you know, however you want to consume whatever is the right model for you to consume. We want to enable that, and that solves high availability. It solves redundancy. It solves reliability. Remember, we're in that no fail space where the consequences are real. So we cannot have financial infrastructure, medical infrastructure, power infrastructure. We just can't allow those things to go down. So we are building that capability. Mike Matchett: So you're raising the bar not just for other security companies, but for every service provider out there. Really, if we talk about this idea of sovereign deployment in capital letters, it really throws the gantlet down on other folks to say, you got to rethink what being a service provider means or a SaaS provider. You can't just host something. You've got to give control of where it's hosted, how it's hosted, how it's resilient to the consumer. You got to put that back in their hands. That's a big lift, Jim. Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah, 100%. I mean we we've seen it. You know it's coming like like don't be don't make no mistake. Right. We've seen regulations like Dora in European Union, which is a resiliency and redundancy, you know, regulation. That was a direct reaction to some severe cloud outages around the world. We've seen recently, right, with things that are going on in the world, critical infrastructure has been hit and gone down. It's had impact on those, you know, critical things that cannot fail. So, you know, I would advise every vendor if you are, you know, providing a service that is somewhat critical in nature, you need to be asking the what if question until you run out of those questions, right? Until we've answered every single what if question that we can think of, our job is not done. Mike Matchett: Or an AI can think of on our behalf, right? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Exactly. Mike Matchett: Uh, and I'm also going to just throw another monkey wrench in that for people's listening to this. Uh, and I didn't cause this issue, but the more dependent you are on AI services, on those big, heavy models and things, and they become even part of your security solutions, whether it's the defensive or offensive sides of those things. These things are also going to apply where you're going to have to be able to host those things in a resilient manner, which may mean you have to own your own AI infrastructure. That's really getting more and more difficult to get your hands on today. So we'll just leave it at that, that there's, there's definitely some twists to the story. And this all really comes together in kind of a crazy way. But with that, Jim, we're running out of time here today. So we talked about AI, we talked about passwordless. We talked about this idea of sovereign deployment. All great topics. Thank you for coming here today and educating us on this. Jim Taylor, President, Chief Product and Strategy Officer, RSA: You're welcome. Thanks, Mike. It's always great to spend time with you. I always enjoy the conversation. Mike Matchett: And if someone wants to find more information out about any of those topics, obviously RSA has a big website, but is there anything in particular you'd point out to someone trying to follow along some breadcrumbs here? Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah, absolutely. So we, you know, go look for the case study. It's hosted on the Fido Alliance, so you know how to go passwordless. It's our journey, warts and all. Everything that we went through. Um, I think that's a great resource. Um, you know, obviously rsa.com go look there. Um, you know, I think those are two great resources. You know, ask us a question. We're easy to find, Mike. Mike Matchett: So easy to find. Uh, but very secure, very secure, very secure. Jim Taylor, President, Chief Product and Strategy Officer, RSA: No Post-it notes here, buddy. Mike Matchett: No problem. Oh my gosh, I'm embarrassed. Anyway, I'm not going to show them to you because that would be really insecure. But, uh, glad to talk to you, Jim. Uh, come back around, especially if you got anything to demonstrate you want to show us live. We'd be happy to look at that, too. Um. And, uh, thanks. Don't be a stranger. Jim Taylor, President, Chief Product and Strategy Officer, RSA: Yeah. Thanks. And and, you know, have a great day to everybody out there. Mike Matchett: All right. Take care, folks.
