How single sign-on can help combat the growing threat of mobile malware

By 2020 the projected global population is projects to be 7.8 billion people and at that point it is expected that there will be 11.6 million mobile-connected devices, which equates to more than one device per person. It’s therefore no surprise that the threat of mobile malware is increasing as cybercriminals seize the opportunity to access personal information for monetary gain and damage to both personal and business reputation.

With the exponential growth of mobile devices mobile security risks and the fact that more companies are allowing employees to access business applications from mobile devices, businesses are realising the very real and continual threat that they present to sensitive information.

A mobile device typically forms part of our identity, and in the wrong hands, can provide access to everything from social media, to banking, work and personal accounts. If someone were to gain control of our device, it could have huge ramifications.

According to the latest Nokia Threat Intelligence Report for the first half of 2016 Smartphone malware infections increased by 96% over the year to April 2016; smartphones account for 78% of all mobile infections; with new varieties including HummingBad and YiSpecter.

An acute lack of security and awareness of mobile risks among many businesses means that a large majority of them are still not adequately prepared to protect corporate networks and data from mobile hackers. That said, mobile malware and vulnerabilities are not too dissimilar to the everyday corporate network threats, and since identity management is crucial to most information security strategies, there is no reason why it shouldn’t extend to mobile devices too.

Users accessing services outside the corporate network perimeter also presents an increased risk, as do the large number that carry devices to access these services, passwords alone cannot be trusted to properly and securely identify users. It is imperative that businesses use an SSO solution that embraces mobile in order to prevent the caching and saving of passwords on the device. Consequently if a device is then compromised, there are no passwords to steal.

Mobile SSO Solution Forms Part of Your Identity

Single Sign-On (SSO) enables users to log into an app using a single or federated identity. For consumers this identity can be their social media identity, such as Facebook or Google, while an enterprise identity is typically the user’s Active Directory ID.

Users without SSO must remember complex passwords for each app which often leads to the use of common or easily remembered weak passwords. Either way, the result is a frustratingly fragmented workflow and the need to sign in separately to dozens of different apps during the workday.

A suitable solution should enable you to improve end-user satisfaction and streamline workflows by providing a single identity to access all business apps. It should also unify and deliver access to apps from all end-user platforms—desktops, laptops and mobile devices.

Deploying an EMM solution that allows flexible policy, and contains and manages enterprise apps and data can also protect enterprise data and remove from the device if necessary, without having to “wipe” personal data from the device.

Andy Heather is Vice President at Centrify EMEA