
Securing third‑party access to disrupt the supply chain attack path

This article summarizes a recent SC webcast with host Adrian Sanabria, David Gwizdala, Senior Sales Engineer at Ping Identity, and Mark Wilson, B2B IAM Go‑To‑Market lead at Ping Identity. They discussed how mismanaged identities, insufficient access policies, and weak verification controls expose organizations to downstream threats, and how to apply end-to-end Identity Lifecycle Protection as a solution.

The complexity of third-party identity in modern organizations

Managing third-party access has become a fundamental challenge in today’s interconnected business landscape. As businesses rely on extensive networks of suppliers, partners, and distributors, ensuring robust identity management across this B2B ecosystem is more critical—and complicated—than ever.

According to the panelists, every business depends on many others, creating a complex web of access and trust. They emphasized that risk assessments during partner onboarding are often lacking, leading to unknown vulnerabilities. They underscored the need for continuous verification and the application of least privilege principles, highlighting how poorly managed third-party identities introduce significant security weaknesses.

A key challenge discussed was how privileges and access controls must adapt as relationships with third parties evolve. The group addressed how attackers increasingly target the extended supply chain, exploiting both technical and human weaknesses.

They also stressed the importance of regular recertification, not just at onboarding and offboarding but throughout an identity’s lifecycle, to ensure that access remains appropriate and that old or redundant accounts are decommissioned.

These fundamental practices, combined with adaptive, policy-based access controls, form the backbone of a resilient B2B security posture.

Authentication, threat response, and emerging best practices

With the expansion of third-party networks, organizations confront additional complexity around authentication.

The panelists highlighted that while multi-factor authentication (MFA) is crucial, a one-size-fits-all approach fails because users differ—some lack smartphones or rely on shared devices. The solution is contextual and adaptive authentication, leveraging available technologies for each user’s environment, whether it’s biometric verification, hardware keys, or traditional OTPs.

The conversation also covered the challenges of securely managing biometric data and ensuring privacy without sacrificing security. Effective threat detection and response demand integrating identity management with other security layers, such as network, endpoint, and behavioral analytics.

They recommended deploying fine-grained, policy-based access and building frameworks capable of rapid response—like disabling sessions or access in real time during suspicious activity.

Ultimately, the panelists called for heightened awareness, continuous discovery, and collaboration across business and IT to maintain control in an ever-changing B2B environment.

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
