Samsung KNOX Helping to Increase Enterprise Security

As more employees bring their smartphones into work, enterprises are becoming interested in the security threats this may pose to sensitive company information.  Samsung KNOX is a solution for Android devices that addresses these concerns by securing sensitive company information without invading the privacy of an employee’s personal data. 

The goal of Samsung KNOX is to allow business and personal related content to exist on the same device.  This is achieved by creating a separate, virtual container, which operates in an isolated environment within the device.  This container has its own home screen, launcher, apps, and widgets.  It also uses an encrypted file system that is inaccessible to applications outside the container.  For example, if a picture is taken while inside the KNOX container it can only be viewed within the container and is not visible otherwise.

In order to secure the Android platform at the hardware level Samsung KNOX provides kernel verification, which only allows authorized software to boot up the device.  KNOX also provides continuous monitoring of the kernel so that malicious software cannot tamper with either the kernel or boot loader.  In order to secure the Android applications Samsung KNOX offers an app wrapping service that repackages the code with secure code and certificates that allow it to function in the KNOX container. Only wrapped apps can be loaded into the KNOX container. 

From an IT administrator’s perspective Samsung KNOX integrates with many mobile device management vendors.  This allows admins to easily implement existing enterprise policies to employee devices.   Secured apps can also be distributed through corporate app stores allowing admins to control network permissions within the app.  Lastly, admins can use per-app VPN services preventing personal apps from bogging down company server traffic. 

Overall Samsung KNOX can be a useful tool to address the growing popularity of “bringing your phone to work” by allowing both personal and corporate data to securely exist on the same device.   This service is offered for Android devices in order to mitigate the security risks that are associated with the Android OS.  Support for Samsung Knox is currently limited to the Galaxy S and Note lines, but the list of supported devices is expected to grow.