As more employees bring their smartphones to work, enterprises are becoming interested in the security threats this may pose to sensitive company information. Samsung KNOX is a solution for Android devices that addresses these concerns by securing sensitive company information without invading the privacy of an employee’s personal data.

The goal of Samsung KNOX is to allow business and personal content to exist on the same device. This is achieved by creating a separate virtual container that operates in an isolated environment within the device. This container has its own home screen, launcher, apps, and widgets. It also uses an encrypted file system that is inaccessible to applications outside the container. For example, if a picture is taken while inside the KNOX container, it can only be viewed within the container and is not visible otherwise.

To secure the Android platform at the hardware level, Samsung KNOX provides kernel verification, which only allows authorized software to boot up the device. KNOX also provides continuous monitoring of the kernel so that malicious software cannot tamper with either the kernel or the boot loader. To secure Android applications, Samsung KNOX offers an app wrapping service that repackages an app's code with secure code and certificates that allow it to function in the KNOX container. Only wrapped apps can be loaded into the KNOX container.

From an IT administrator’s perspective, Samsung KNOX integrates with many mobile device management vendors. This allows admins to easily apply existing enterprise policies to employee devices. Secured apps can also be distributed through corporate app stores, allowing admins to control network permissions within the app. Lastly, admins can use per-app VPN services, preventing personal apps from bogging down company server traffic.

Overall, Samsung KNOX can be a useful tool to address the growing popularity of “bringing your phone to work” by allowing both personal and corporate data to securely exist on the same device. This service is offered for Android devices in order to mitigate the security risks that are associated with the Android OS. Support for Samsung KNOX is currently limited to the Galaxy S and Note lines, but the list of supported devices is expected to grow.