What if the biggest threat to your brand’s agility and security isn’t a competitor, but the welcome mat you lay out for your own partners?
Agility requires not just the ability to move quickly, but the confidence to do so securely. It’s about building a foundation of trust that enables seamless collaboration without introducing unnecessary risk.
Today, we’re going to talk about a critical, yet often overlooked, aspect of brand agility: the digital experience we provide to our third-party partners. From marketing agencies to technology vendors, these relationships are essential, but the very processes meant to enable them—like onboarding and system access—can often be the source of massive friction, security risks, and a fundamental breakdown of trust.
To help me discuss this topic, I’d like to welcome, Haider Iqbal, Director, Identity & Access Management at Thales.
About Haider Iqbal
Haider is a technology leader and strategist with a career that spans consulting, sales, acquisitions, and product marketing across multiple regions. He has guided multimillion-dollar sales efforts, played a key role in a $100 million identity-sector acquisition, and now leads product marketing for Thales’s IAM business. With roots in management consulting and a track record of translating complex technology into business growth, Haider brings both breadth and depth of expertise. Driven by a mindset of constant learning and unlearning, he is passionate about building technology that is inclusive, trustworthy, and safe for future generations. Outside of work, Haider can often be found on a cricket pitch, volleyball court, or golf course, with very occasional success.
Haider Iqbal on LinkedIn: https://www.linkedin.com/in/haideriqbal/
Resources
Thales: https://www.thales.com
The Agile Brand podcast is brought to you by TEKsystems. Learn more here: https://www.teksystems.com/versionnextnow
Catch the future of e-commerce at eTail Palm Springs, Feb 23-26 in Palm Springs, CA. Go here for more details: https://etailwest.wbresearch.com/
Connect with Greg on LinkedIn: https://www.linkedin.com/in/gregkihlstrom
Don’t miss a thing: get the latest episodes, sign up for our newsletter and more: https://www.theagilebrand.show
Check out The Agile Brand Guide website with articles, insights, and Martechipedia, the wiki for marketing technology: https://www.agilebrandguide.com
The Agile Brand is produced by Missing Link—a Latina-owned strategy-driven, creatively fueled production co-op. From ideation to creation, they craft human connections through intelligent, engaging and informative content. https://www.missinglink.company
Transcript
Greg Kihlstrom (00:00)
What if the biggest threat to your brand’s agility and security isn’t a competitor, but the welcome mat you lay out for your own partners? Agility requires not just the ability to move quickly, but the confidence to do it securely. It’s about building a foundation of trust that enables seamless collaboration without introducing unnecessary risk. Today, we’re going to talk about a critical yet often overlooked aspect of brand agility, the digital experience we provide to our third party partners.
From marketing agencies to technology vendors, these relationships are essential, but the very processes meant to enable them, like onboarding and system access, can often be the source of massive friction, security risks, and a fundamental breakdown of trust. To help me discuss this topic, I’d like to welcome Haider Iqbal, Director, Identity and Access Management at Thales. Haider, welcome to the show.
Haider Iqbal (00:47)
Next track, great to be here.
Greg Kihlstrom (00:48)
Yeah, looking forward to talking about this with you. Before we dive in, though, why don’t you give a little background on yourself and your role at Thales?
Haider Iqbal (00:54)
Yeah, so that is obviously is a much bigger company as a group, know, building satellites and whatnot. But I actually work in their cybersecurity products business. And specifically, I actually had their product marketing for their identity and access management business that helps companies basically if you’re an employee to log into different applications, if you’re a consumer to log into your banking applications your retail applications online as well so on and so forth. So I actually look after their global product marketing for that particular product line.
Greg Kihlstrom (01:28)
Great, great. So yeah, let’s dive in here and talk about, we’re gonna talk about a few things, but I wanna start with the imperative of digital trust. And so Thales put together a digital trust index and that highlights that nearly one in three third party users must wait days for access to critical systems. I think I’ve been one of those people waiting on the waiting end and situations like that. So I definitely can empathize from a brand’s perspective, what are the hidden costs of that initial friction beyond just lost time? How does it impact the perception of a brand before a project even begins?
Haider Iqbal (02:04)
Yeah, great question. I think the way that we operate today, we are generally not just speaking about our own organization working with a consumer or a customer. You often work as an extended enterprise, right? So your business partner is whether those might be your distributors, your agents, sometimes even your suppliers as well they become a really crucial part of the overall experience that you deliver to your consumers or customers. And I think it was probably Gartner that coined this term called total experience. I really like the term because the way that they look at it is saying, hey, you know what, if you want to deliver good user experiences for your customers, you need to think about the user experience, not just of your own employees as well but also anyone, any other stakeholder that might be involved as part of that whole process as well. So I think as part of the overall experience that we want to deliver to our end consumers, your partners and your suppliers become extremely important. So speaking about your brand as a whole, you know, your partners and your suppliers, they actually become an extension of your brand that way as well.
Imagine if you have a disgruntled end consumer who can’t gain access to, let’s say, their business application, or perhaps they want to order something online and they can’t order online just because they can’t have access to their applications. I think the same logic applies to your partners as well that way. So in order to establish that trust with your partners, you need to make sure that the access that you’re providing to them is actually seamless to begin with.
Greg Kihlstrom (03:42)
Yeah. And the report also shows that only 56 % of users are fully confident that a host organizations would disclose a breach promptly. So 56 % not as much as you might hope, right? In an ecosystem where, you know, there’s interconnected MarTech platforms and agencies and, you know, all of these pieces, how should a marketing leader think about the concept of shared risk as well as shared responsibility when it comes to third party data access.
Haider Iqbal (04:14)
Yeah, I think when you look at different sort of regulations that are popping up, right? So obviously when we look at Europe, GDPR is kind of like the gold standard of all privacy regulation. But even here in the US, for instance, you know, it’s a bit fragmented that way, but you have, I think a bit north of what 30 different data privacy regulations over here in the US as well.
And with that fragmentation, I mean, when you look at this statistic and the confidence that actually your partners have in the case of a breach, I think it is quite alarming that way as well, because again, you know, going back to the notion of trust, if your partners cannot trust you with their data, right? Or perhaps you cannot trust your partner to actually, you know, trust them with your customer’s data, for instance. You know, that creates a barrier for actually delivering, I would say, smooth user experience for your end consumers that way as well. So I think when it comes to shared responsibility, that doesn’t necessarily mean shared cybersecurity as well, right? So, you know, each one of the entities, they are responsible for ensuring that they have the right checks and balances in place. But something that, you know, a term that I often use as part of the overall digital experience that you’re building for any consumer, what we like to call it is privacy by design. So I think if there’s one message that I’d want to pass to, let’s say, know, a chief commercial officer or chief digital officer is, know, as you’re thinking about building those user experiences, not just for your end consumers and customers, but also for your partners and suppliers, you need to think about privacy by design, because that is absolutely essential to the overall user experience as well. You having that conference, mean, you and I as individuals as well can vouch for that as well, right? I I need to have the ability to know that my data is being kept in a safe and secure manner and it’s going to be used just in the correct way that I anticipated to be used as well. And obviously, I said, extended enterprise, if our marketing stacks are connected, you know, that problem becomes even more amplified. again, think about privacy by design whenever you’re designing those user experiences because that’s going to help save you a lot of trouble in the future as well.
Greg Kihlstrom (06:37)
Yeah, and there’s a lot of aspects of the user experience to look at, but I know one large one that your data points to is just inconsistent processes, frequent password resets. know, 96 % of users in the index face login issues. Again, I totally feel their pain. It’s kind of the bane of many’s existence, I think. What’s a practical first step that a large organization can take to solve for that, know, standardizing identity, access, experience, all of these things. Because, I mean, I think the other part of this is a lot of these partners, this isn’t the only, you know, this isn’t their only partner, right? So they’re facing this not only with one partner, but, you know, how many? Like five, 10 other partners in some cases. So, you know, what can a large organization do to, you know, improve that experience?
Haider Iqbal (07:30)
Yeah, I think when you speak about passwordless, they bring not just friction for the users who are using them. In the background as well, if you imagine in terms of the cost that the IT organizations need to bear for resetting passwords, when users actually forget their passwords as well. I think the magnitude of this problem when it comes to speaking about partners is perhaps best explained by another survey that we did, I think, perhaps a year ago. It was pretty telling for me as well that almost, I think, ⁓ maybe half of all users who are trying to gain access to your corporate assets or data, they’re actually external users. So usually we’re always thinking about the user experience of our employees, for example, or the end consumers. But then close to 50 % of those users are actually
signing in from, let’s say, your partners, your suppliers, so on and so forth. So when you put that into perspective, it gives you the magnitude of the problem as well. Now, if you multiply the password resets for such a big user constituency, you come to realize that the problem is indeed quite great that way as well. Now, what can organizations do? I mean, you might have heard the term passwordless.
So that is doing around these days. The great thing is I think we as end consumers as well, regardless of having a lot of technical knowledge, actually understand the concept really well of not being able to use passwords. you just go and use your biometric information or facial recognition, for instance, to log into different applications as well. Something that perhaps the marketing fraternity might not be as familiar with, but there’s something called the Fido Alliance and they’re basically on a mission to get rid of passwords. So Thales has been on the board of Fido Alliance for many years now. One of the things that we recommend to large organizations is when they’re thinking about going passwordless to get rid of all the problems that we just described, they end up thinking in a very myopic sense to just focus on either their employees or their consumers and they tend to outright overlook that large user constituency that I just described in the middle that is gaining access to your corporate resources as well. So if you’re building a good user experience of getting rid of passwords for your workforce and for your consumers, why not do it for your partners and suppliers as well? take a holistic approach to looking at getting rid of passwords.
It shouldn’t just be for your employees and it shouldn’t just be for your consumers. know, there are technologies out there. Like I mentioned, you know, when you look up Fido Alliance, they introduce something called Passkeys, which are great to actually get rid of passwords inside your organization. And also for your third parties that might be interacting with your systems as well.
Greg Kihlstrom (10:18)
Yeah, yeah. Well, and one of the reasons, mean, several pass keys, I think are amazing. I use them whenever they are available. I wish they were available more. You know, one of the reasons for this, you the study also, so, you know, you mentioned 50 % of the, roughly 50 % of the people logging in are not necessarily internal to the organization. So you’ve got, you know, roughly half of your audience, sometimes external partners. And then your study also shows that over half of users retain access long after it’s needed. So, you know, another security gap. So, you you’ve got half of this audience that are not even employees and, know, you’re not directly governing their, their access or their, their security and things like that. So, you know, it seems like a simple enough problem maybe to solve on, the surface, but it, it still persists. So, you know, is this
Purely, you know, can this purely be solved by technology? Is it a process problem, a people problem? You know, how do you kind of untangle all of that?
Haider Iqbal (11:20)
Yeah, as is the case with many other things, I think it’s a mixture of both process and technology. But the good thing is now you do have technology that actually helps you in ensuring that these kind of things don’t happen. Right? So first of all, think, I mean, imagine a partner, a disgruntled partner like that, who might have been working with you for the longest time and you suddenly sort of terminated your relationship with them and they go rogue and they’re able to download more data from your website even after their relationship with you has terminated. Now, in the older days, perhaps, this was not a significant problem, but when you look at how interconnected organizations are these days, the amount of the threat that this unfederated access can actually present,
It’s quite significant that way. And that’s why you hear about these third party breaches going on as well. So something called the supply chain risks, for example, are the third party risks. You’ll come to realize that over the course of the past three or four years, they have increased significantly as well. One of the things that we recommend to organizations is if you’re working with a partner organization,
Right? So imagine if I’m working with a supplier. Usually this organization that you’re working with has better intimacy about who is still in their organization, who has left the organization. So why don’t you as the host organization delegate the access management capabilities to your partner organization? So imagine if you, are my supplier, right?
You know how many people in your organizations are interacting with me as a brand. What we say is delegate that administration over to Greg and Greg doesn’t have to be a technical person as well. Right. So give them user friendly tools that allow you to say, Hey, you know what, Tom or John or in, they’re still working in my organization, but Jane just left the organization. So, Hey, I can revoke the access because Heather doesn’t know that Jane has left.
So think that’s one way of putting the onus on your partners themselves because they have much more better intimacy in terms of who actually should be having access or if somebody has left the organization, how to actually report their access as well.
Greg Kihlstrom (13:43)
And so how does an organization measure, you know, ROI on something like this? mean, obviously, you know, if there’s, if there’s a data breach, that’s a very, you can probably, you know, run some numbers around something like that. But, know, as, as in a lot of cases, this is preventative and, and, and things, but it seems like there’s still some ways there’s reducing friction and, and things, you know, your report shows that users waste about 48 minutes a month logging in and accessing and stuff like that. I feel like that’s longer for me, but maybe that’s, I’m just challenged in that way. But how do you recommend brands measure the impact of that of that reclaimed time and correlate it to building what your reports calls digital trust?
Haider Iqbal (14:29)
Yeah. I mean, think a lot of it, when we look at it in terms of end consumers ourselves, I think drawing that analogy becomes so much easier. I think a login experience, a frictionless login experience is become kind of like a norm in the consumer world. Organizations that are still creating friction in terms of using passwords or
perhaps even forcing users to go and change their passwords every now and then, actually show the inherent nature of the problem of passwords to begin with. If you want to build a better reputation with your partners and customers, you want to ensure that they’re doing activities with you, which they’re meant to be doing and not wasting time trying to gain access to data, trying to gain access to systems.
The best thing about technology has to be that it is so invisible that you don’t even actually feel it working for you in the background. So I think one of the ways, as you correctly pointed out, right, 48 minutes per month for me, especially for somebody who perhaps might be actually spending a lot more time on internal systems, 48 minutes for gaining or losing time on external system, I think it’s a very significant number.
I think it’s extremely important that organizations try to sort of quantify that in terms of loss productivity for this extended enterprise that way as well. If I give you a very small example, Thales as a company, if I remember correctly, I think we used to have, this was just a few years ago, something like 12,000 different suppliers, not users, 12,000 suppliers. Now you multiply that.
with, I don’t know, 10 users per supplier or which is by the way, a really small number. Right. That gives you the magnitude of the number of users who are potentially sort of gaining access to your systems. And again, certain other industries like when you look at insurance, for instance, you you have a network of brokers and agents that you’re working with that have a really complex relationship with you as well. Again You need to automate the process in a way which you don’t have these kind of frictions because again, these are not one-to-one relationships that you can manage on your own. The more you’re able to automate a lot of these access management processes, they actually help you in building trust with that really complex network that you’ve built for yourself as an organization.
Greg Kihlstrom (16:57)
And so, how, I you mentioned some things like pass keys and just password lists in general. You know, how close are we to that being a reality? I mean, again, I see it as a, you know, either as a consumer or as a user of some platforms, but it’s, you know, it’s feeling inconsistent right now. You know, what’s, what does that look like over the, you know, months and years ahead?
Haider Iqbal (17:19)
I mean, months and years ahead. I like the word that you put years in it as well, because maybe I can give you some concrete examples, right? So there’s a manufacturing concern that we are working with. Obviously, you know, they have people wearing hard hats in that setup as well sometimes. And we are actually discussing with them technologies which make authenticating to a lot of the digital assets, because obviously a lot of those factory floors are getting digitalized as well so, we actually working with them to see something called brain computer interface, which is basically a technology where you don’t need to use any password. You know, you can actually communicate using brain waves and that actually leverages technology that helps you in implementing password lists for the future, especially in the context of some of these B2B users. So for example, those contractors that you might have working on, on the floor as well, you know, they actually make those kind of use cases a lot simpler as well. But then, you know, maybe perhaps not looking at that far ahead in time, you know, sticking to pass keys, I think when you look at pass keys, I think they have been phenomenal in terms of, you know, the mission of getting rid of passwords for organizations as well. And I think even in this day and age as well, you know, we have the technology stack that can actually enable your partners
your suppliers to actually log into different applications without using their passwords as well. And again, there are different mechanisms. So for example, you you might not be comfortable using your smartphone as a supplier. You know, you don’t want to use your personal device. Right. That’s fine. You know, there’s a, there’s an alternative mechanism like, like smart cards or USB tokens, for instance, potentials that you could provide your suppliers and partners as well if you want to ensure that they can actually log into different applications in a secure fashion as well. So again, I think technology is no longer the barrier. So that’s really not the excuse here anymore.
Greg Kihlstrom (19:15)
Yeah. Well, yeah. And, you know, speaking of technology, you know, we haven’t spent a lot of time talking about AI today, but let’s go there. I guess as we kind of wrap things up here, last topic, you know, obviously, you know, AI is, it feels like it’s already everywhere, but it’s, it’s increasing in its usage. It also is introducing some interesting access requirements issue. know, when we start talking about agent to agent communication, know, agents on behalf of consumers or, you know, it’s early days, but it’s becoming, you know, it’s becoming more and more used. I assume that’s going to happen more and more in the B2B space as well. So, you know, what kind of challenges and, you know, how does this kind of change or maybe add to the complexity of what we’re talking about here?
Haider Iqbal (20:04)
significantly. mean, you know, I spoke about the complex maze that you have in the B2B ecosystem in terms of being able to manage so many different type of users that we don’t even know of. It gets multiplied, I don’t know, 10 fold, 100 fold, I don’t know. I why is the limit in terms of the machine identities or the agentic identities that you would have to manage in the world of tomorrow, right? And that’s why the whole identity and access management layer becomes so much more important, right? Because if you don’t have an inventory of all the agentic AI identities in your infrastructure, what you can’t see, you can’t protect, right? Or protect from that way as well. So again, I think, you know, the whole problem of managing identities in the AI world or the agentic AI world, it becomes a lot more complex.
to solve as well. So you need to have a lot more granular. We are working with them as well. I spoke about this capability of delegating the access management part to your partner and all that stuff. Now think about delegating all of those access over to multiple agents as well. So I think the, you know, the whole notion, I mean, there’s huge potential for us as cybersecurity companies in this space, but yeah, it is a challenge that you know, the commercial teams do need to look at because the future is already here. I mean, we know, you know, you have those agent to agent interaction, which are happening today. So again, having visibility on, you know, the ecosystem of agents that you have in your ecosystem and your extended ecosystem, and then being able to grant granular access rights to them as well becomes absolutely crucial and future as well.
Greg Kihlstrom (21:46)
Yeah, yeah. So as we wrap up here, a couple of last questions for you. If we were having this interview a year from now, what’s one thing that we would definitely be talking about?
Haider Iqbal (21:58)
I think we just spoke about it just now. ⁓ only even more amplified, right? So, agent tech AI, is just mind blowing, you know, how much it’s affecting not just the consumer world, but this B2B interaction world as well. mean, imagine agents negotiating contracts on your behalf, right? So you need to work with a supplier. You need to work with a partner. Think about you know, industries like logistics or even in supply chain, for instance, you know, when you need to work with so many different parties and agents working on your behalf autonomously, it is both, you know, mind blowing in terms of the potential it has, but also from a security point of view, you know, a nightmare, let’s say for the chief digital officers or the CIOs. So again, I mean, I think, you know, well, there’s so much potential over there as well. think we need to be cognizant of, the risks that these kind of things actually bring to the table as well.
Greg Kihlstrom (22:49)
Yeah. Well, Hayter, thanks so much for sharing all your ideas and insights. Last question for you. What do you do to stay agile in your role and how do you find a way to do it consistently?
Haider Iqbal (22:59)
I mean, agile is like, I wish I could say my middle name, but I mean, when we look at our role, within product marketing, for instance, you know, we need to be extremely nimble in, in what we do, because we have, we’re working in the tech industry, right. And speaking of AI, for instance, you know, literally from one day to the other, things are evolving. Things are evolving in the sense in terms of the markets that we address, but in terms of the way that we work as well.
So I think agility for me, especially in the tech world, is being very open in terms of being able to try and fail fast, essentially. Having that mindset is absolutely crucial in the world as well. So that’s, I think, one of the core things when I think about agility within my own team, to actually address the future.
