At the 2025 RSA Conference, IBM delivered a clear message: It is not just participating in the evolving identity security conversation, it’s helping lead it. From expanded capabilities around non-human identity (NHI) discovery to the integration of newly acquired HashiCorp solutions, IBM is actively shaping the next generation of cybersecurity and the foundations of zero-trust security.
Patrick Wardrop, who leads IBM’s identity security portfolio, discussed the company’s post-RSA momentum, including reactions from customers, upcoming initiatives, and how IBM is breaking outdated perceptions about its security posture. “Our message and solutions we showcased at RSAC around discovery and managing non-human identities really resonated,” Wardrop said. “Customers got excited, our partners got excited and new prospects were excited.”
Big Blue Awakens
IBM’s re-emergence in the identity and security spotlight is not an accident. It is the product of deliberate investment, acquisitions like HashiCorp, and a modernized approach to interoperability. For companies that want solutions that work across legacy and modern environments, integrate rather than replace, and offer both product and services depth, IBM is no longer the sleeping giant. It’s wide awake and making a tremendous impact in security for global infrastructure and government. As Wardrop summed up, “We’re not just selling licenses. We are helping customers advance their security posture based on their unique mission and IBM’s deployment experience. IBM has always been the reliable partner of choice for decades and we take that role very seriously!”
Discovery and Lifecycle Management
IBM is uniquely positioned in the crowded identity and access management (IAM) space with its dual strength in both technology and service delivery. While many vendors focus on narrowly scoped features or SaaS-only delivery, IBM offers a comprehensive, flexible approach across on-premises, cloud and hybrid environments.
The acquisition of HashiCorp gave IBM a formidable boost. “We adjusted our observability and discovery tools to handle non-human identities or machine identities,” Wardrop explained. “This allows us to manage the full lifecycle of those credentials.”
That lifecycle begins with visibility, extends into governance, and concludes with integration into vaulting and privilege access workflows. IBM now supports this journey with both its existing governance tools and HashiCorp’s Vault, Boundary and Radar products. Wardrop called the combined solution “a really impactful security story.”
A Fabric That Connects
While competitors often emphasize a single solution or platform, IBM emphasizes interoperability. Enter the concept of identity fabric. “Just about every major Fortune 500 has more than one identity provider in place,” Wardrop said. “We provide the tools to stitch all of that together into a unified identity experience.” This includes integrations with Okta, Ping, Microsoft and others. IBM’s solution supports multi-directory environments, providing capabilities such as synchronized registries and drag-and-drop, no-code customization for user journeys. IBM even offers Duo integration while providing its own multi-factor authentication (MFA) tools.
The goal isn’t to replace what clients already use, but to bring cohesion and visibility across fractured identity ecosystems. As Wardrop put it, “Instead of saying rip and replace, we integrate. That’s why customers like us as a technology and security partner.”
Legacy Integration Without Code
One standout in IBM’s identity arsenal is its Application Gateway, a tool that allows legacy applications, including COBOL-based systems with outdated or inaccessible code, to integrate into modern identity frameworks. “Let’s say you have a legacy web front-end developed 15 years ago and no one has access to the source code anymore,” Wardrop said. “We have a solution that plugs in and enables SSO, passkey support and modern authentication without modifying the application.”
The gateway supports up to 3,000 applications per deployment and requires only a standardized Kubernetes stack. It works seamlessly with IBM Verify and other common identity solutions. In fact, Wardrop noted that some former clients who had migrated to Okta have returned to IBM to license Application Gateway because of its robust enterprise-grade functionality.
The HashiCorp Future
When asked whether IBM would absorb HashiCorp the way some acquisitions seem to vanish post-transaction, Wardrop pointed to another major IBM success story, Red Hat. “Red Hat has scaled exponentially from where it was when we acquired it,” he said. “I envision HashiCorp will be just the same.” It’s a powerful statement, not just of confidence in technology, but in IBM’s ability to scale and support acquisitions and innovations without smothering innovation.
Competing With the Titan of Seattle
When asked about Microsoft, Wardrop was direct. “They have a clever licensing model with E5, but you don’t really get everything in the box. Important pieces like logging and forensic capability cost extra.” In contrast, IBM packages its solutions more transparently, offering breadth and depth without hidden costs. This approach has earned IBM “boomerang customers” who initially left but returned for reliability, support and scalability.
IBM Services and Global Trust
Unlike many of its competitors, IBM has a vast global consulting arm, which is particularly critical in markets with unique regulatory or cultural expectations, such as Japan. “It’s a different world there,” Wardrop said. “Relationships matter. Follow-through matters. IBM is built to serve those needs, and we have strong teams to partner with to serve these critical markets and align with their business culture and practices. We want to ensure their success!” This emphasis on trusted relationships, long-term support, and regional sensitivity is one of IBM’s key differentiators, especially in contrast to companies that prioritize quarterly wins over sustained partnerships.
In an industry currently full of noise, new logos and two-letter slides, IBM is proving that real security transformation in the AI revolution takes more than a lofty latte imbued vision. Security takes an experienced partner like IBM forged in the historical fires of technology, backed by decades of real-world outcomes and solutions built to protect what truly matters, the lives of every member of our global community.
- Encrypt AI, Protect Your IP: DataKrypto Tackles the LLM Security Crisis While Redefining What Encryption Should Be
- Security Gamechangers: CrowdStrike’s AI-Native SOC & Next Gen SIEM Take Center Stage at RSAC 2025
- RSA Conference Dispatch: Mr. NHI – Leading the Movement to Expose Cybersecurity’s Biggest Blind Spot!
