By Bob Gourley
Samsung KNOX is the kind of comprehensive, game-changing security and mobile risk management solution the community has been calling for. It was one of the features announced at today’s rollout of the Samsung Galaxy S4. There are several sources of information on the capabilities of this system, including:
- A press release by Fixmo: Samsung Partners with Fixmo for Global Rights to Embedded Mobile Security Software (MOBILE WORLD CONGRESS, Barcelona, Spain — February 25, 2013)
- Reporting by Wired on the event: Samsung Announces Galaxy S4 With 5-Inch Display, Built-In Translator
- And the Samsung info page at: Samsung KNOX
Samsung KNOX is the comprehensive enterprise mobile solution for work and play. With the increasing use of smartphones in business, it addresses the mobile security needs of enterprise IT without invading the privacy of employees.
- Platform Security
Samsung KNOX addresses platform security with a comprehensive strategy.
- Application Security
Samsung KNOX addresses security requirements for enterprise applications and data.
- Mobile Device Management
Samsung KNOX works with enterprise preferred MDM vendor solutions.
- Samsung KNOX for Enterprise
Samsung KNOX provides reassurance and convenience for IT departments looking to implement and manage Bring Your Own Device (BYOD) strategies.
Samsung KNOX addresses platform security with a comprehensive strategy: hardware baked-in Secure Boot, an ARM TrustZone-based Integrity Measurement Architecture, and a kernel with built-in Security Enhanced Android Mandatory Access Controls to secure the system.
Secure Boot
Secure boot ensures that only verified and authorized software can run on the device. Secure boot is one of the main components that form the first line of defense against malicious attacks on devices with the KNOX solution.
Security Enhanced Android
SE Android provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements. It isolates applications and data into different domains, which reduces the threat of tampering with and bypassing application security mechanisms and also minimizes the amount of damage that can be caused by malicious or flawed applications.
TrustZone-based Integrity Measurement Architecture
TIMA runs in the secure world and provides non-bypassable, continuous integrity monitoring of the Linux kernel. When TIMA detects that the integrity of the kernel or the boot loader is violated, it takes a policy-driven action in response. One of the policy actions disables the kernel and powers down the device.
In addition to securing the platform, the Samsung KNOX solution addresses enterprise application and data security requirements. The KNOX container provides security for enterprise data by isolating enterprise applications and encrypting enterprise data both at rest and in motion.
KNOX Container
The KNOX Container is an isolated and secure environment within the mobile device, complete with its own home screen, launcher, applications, and widgets. Applications and data inside the container are separated from applications outside the container. This enables a powerful solution for the “data leakage problem” associated with the BYOD model.
Encrypted File System
The KNOX container uses a separate encrypted file system completely isolated from applications outside the container. The data is encrypted using an Advanced Encryption Standard (AES) cipher algorithm with a 256-bit key (AES-256).
Virtual Private Network
The KNOX container offers an on-demand FIPS-certified VPN client. KNOX VPN client profiles are pushed by the enterprise. In addition, the enterprise can select which apps inside the container are required to use the VPN. The VPN automatically starts when a user launches any of the enterprise-designated apps. The KNOX container VPN offers support for strong IPSec VPN encryption for the most sensitive government agencies, including support for Suite B cryptography.
Mobile Device Management
Samsung KNOX works with enterprise-preferred MDM vendor solutions and provides industry-leading security and management controls.
Samsung KNOX for Enterprise
Samsung KNOX for IT Managers
Data leakage, malware & malicious attacks: comprehensive protection
Samsung KNOX is a security hardening of Android from the ground up and protects enterprise data and applications. It prevents system exploits and device compromise. Lightweight and compatible with existing enterprise infrastructure such as MDM, VPN and directory services, KNOX provides reassurance and convenience for IT departments looking to implement and manage Bring Your Own Device (BYOD) strategies.
Samsung KNOX for Employees
Using personal mobiles for work
Samsung KNOX offers a seamless and intuitive dual-persona platform for use at work and at home. The KNOX container comforts users, as their privacy and personal property remain intact.
Samsung KNOX for Partners
Samsung KNOX – an easier way to manage mobiles
Samsung KNOX enables existing Android ecosystem applications to automatically gain enterprise integration and validated, robust security with zero change to the application source code. Samsung KNOX relieves application developers of the burden of developing individual enterprise features such as FIPS-compliant VPN, on-device encryption, and Enterprise Single Sign On (SSO).