Samsung's KNOX shows device makers how to improve BYOD security
Corporate IT security needs have increased with the trend of BYOD. Samsung’s KNOX provides a good example for device makers to follow.
By Terence Ng, 02 Apr, 2014
The trend of Bringing Your Own Device (BYOD) among employees and companies has grown a lot in the past few years, driven both by firms’ desire to cut costs and by employees’ familiarity with their own devices.
However, this brings along myriad security risks, which are directly related to the diversity of the devices that employees own, as well as the software inside them. For one, it’s not uncommon for many people to run outdated and jailbroken/rooted operating systems on their phones and tablets, exposing them to exploits that will jeopardise data security when they’re connected to corporate networks.
In a prescient move that anticipated this growing trend, device maker Samsung came up with its KNOX security platform about two years ago. Named after the famous American gold vault Fort Knox and first unveiled at Mobile World Congress 2013, KNOX incorporates many lessons Samsung learnt from its older SAFE mobile enterprise security solution, which was introduced in 2011.
As one of the world’s first hardware-based mobile security solutions, Samsung’s implementation of KNOX offers many lessons for hardware manufacturers seeking to capitalise on the BYOD trend by providing their own enterprise security solutions. Here, we list three factors that make KNOX useful for large organisations and tiny startups alike.
Have solutions that span the entire Android stack
Being a device maker, Samsung can easily gain access to the firmware and hardware levels of its devices. In collaboration with Google, Samsung has developed KNOX to encompass almost every aspect of the Android system (“stack”) installed in its devices, from the application container level all the way down to the hardware level. This can be seen in the diagram below.
The result of such deep integration is enhanced security. According to Samsung, many mobile security solutions stop short at the application or at most the kernel level, meaning that the underlying boot loader is unaffected. Clever crackers can bypass such security features by installing a cracked version of the Android OS, gaining access to the corporate network and the chance to wreak all sorts of havoc.
By controlling the boot loader, KNOX automatically deactivates itself whenever it detects an unauthorized change to the OS. This ensures that only clean, KNOX-enabled devices are allowed access to corporate networks, reducing the chance of rogue programs entering the system.
Enforce privacy by keeping work and play separate
Apart from the corporate need for security, employees also need the reassurance of privacy: that their employer will not spy on their personal data. KNOX takes care of this through its application container, which creates separate environments for corporate and personal use. While companies can control user and app settings for the corporate environment, they have no access to the personal environment, which is kept entirely within the control of the employee.
The photo above shows the different environments of Samsung KNOX, the closed enterprise one used to access the corporate network on the left, and the personal environment for private texts and data on the right. Note that the enterprise environment has a tiny yellow lock image on the bottom right corner of the icons, showing that these apps are secured and can thus be allowed to access the corporate network.