SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Secure building with digital shields interconnected pathways third party access management cybersecurity
#
MFA
#
Cloud Security
#
IAM

How organisations can protect themselves from third-party security risks

Fri, 21st Nov 2025
By Haider Iqbal, Director for Identity and Access Management, Thales

Every organisation today depends on a mix of vendors, suppliers, and service providers. The ecosystem of third parties is critical for business growth, efficiency, and innovation, but it also brings new security risks. What's worth noting is that these risks often don't come from complex breaches or hacks, but instead, originate  from the mundane, everyday processes in how third-party partners gain and manage access to systems.

The Thales 2025 Digital Trust Index, spotlights how small failures in identity and access management quietly erode trust between businesses. Clunky onboarding, login issues and slow offboarding are not just irritants; they create sneaky security exposures and operational inefficiencies that build over time. For organisations that rely heavily on external third-party partners, these gaps can translate into real business and security risks.

Every day Friction Erodes Trust

Trust rarely breaks in a single moment. More often, it wears down through repeated frustrations that partners quietly tolerate until they start to impact delivery. Thales reveals that 96% of third-party users continue to experience login issues, resulting in an average monthly loss of 48 minutes every month as they attempt to access the necessary systems. Multiplied across teams, that's days of wasted productivity.

What should be a seamless authentication process instead becomes a source of frustration. Forgotten passwords, repeated credential prompts, and poorly designed multi-factor authentication don't reassure users, they undermine confidence and trust.

No partner will sever a relationship overnight because of clunky logins. But in competitive industries, these small points of friction can delay outcomes at the very moments when trust is being tested. Over time, the accumulation of these inefficiencies can be just as damaging as a major security breach.

Onboarding and Offboarding: The Alpha and Omega of Trust 

Like everyday life, first and last impressions matter, and onboarding sets the tone for the entire business relationship. If it takes days to provision access or if processes are confusing and error-prone, partners may start their engagement with doubts about efficiency and reliability. According to research, almost one in three respondents said they waited days just to receive initial access from a partner, and 85% said that improving provisioning and modification would have the single greatest impact on managing trust.

At the other end of the lifecycle, offboarding represents an equally critical risk, as 51% of respondents admitted they had retained access for a former partner longer than necessary. Sometimes this delay was only a few days, but in many cases, access remained open for weeks.

This "leftover access" is not just sloppy housekeeping. It's a glaring security vulnerability that increases the risk of unauthorised entry long after a partnership ends.

Practical Steps to Strengthen Third-Party Access

Organisations can't rely on certifications, audits or broad security frameworks alone to demonstrate trustworthiness. The real test lies in how smoothly and securely everyday access is managed.

Here are practical steps organisations can take:

  • Automate provisioning and deprovisioning: Automating access for joiners and leavers reduces delays and eliminates manual errors. Immediate revocation of access when a partnership end is crucial.
  • Streamline authentication: Introduce secure single sign-on (SSO) and user-friendly multi-factor authentication (MFA) that protects without adding unnecessary friction.
  • Increase visibility and monitoring: Implement tools that give security teams real-time visibility into who has access, when permissions change, and whether accounts are dormant.
  • Privacy-by-design: Embed granular consent management controls in the third-party user journeys. Not only does it help your organization comply with data privacy regulations, it enables a sense of trust within the partner organizations
  • Standardise processes across partners: Consistency in onboarding, role updates, and offboarding ensures that all third-party interactions are handled with the same level of diligence.

Final Word

Managing third-party risk is no longer just about preventing catastrophic breaches. It's about closing everyday gaps that undermine trust and efficiency. Poor onboarding, clunky login system and delayed offboarding are not only security concerns; they are business risks that slow collaboration and weaken partnerships.

By focusing on automation, visibility and streamlined processes, organisations can close these gaps, protect themselves from unnecessary exposure, and build the kind of trust that partners value most, trust built not only on security, but on efficiency, reliability and ease of doing business.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
AI agents to transform enterprise, retail & security by 2026
AI-driven cyber wars to reshape security in 2026
AI reshapes cloud spend as firms shift from SaaS to agents
CrowdStrike warns AI will redefine cyber threats by 2026
Microsoft patches Windows zero-day & risky Office flaws

Top stories

Industrial ransomware attacks surge, manufacturing hit hardest
Arctic Wolf: agentic AI to reshape SOCs & Zero Trust
GhostFrame iframe phishing kit powers 1m attacks
Watch out for these eight trends to impact cybersecurity teams in 2026
Real people, real numbers: Why phone verification is your new trust filter