Samsung gets serious about data security with KNOX

Jack Wallen takes a look at Samsung KNOX, a comprehensive and secure mobile solution for the enterprise.

The word "Knox" usually brings up images of Fort Knox -- that impenetrable fortress of solitude that has served as the Department of the Treasury's Bullion Depository. So, naming an app whose sole purpose is to secure data from prying eyes is apropos. Once you understand the specific purpose of KNOX, the meaning becomes even clearer.

Samsung is a company that's fully aware of trends and business needs, and it understands there's a growing sector of people who use their mobile devices for both personal and professional reasons. Some might call that Bring Your Own Device (BYOD), while others consider it Standard Operating Procedure (SOP). Regardless of the acronym, the world is definitely growing more mobile. Thus, there's a special need to segregate personal and business data.

There are applications in the Google Play Store that do just this. One application is Divide. Although Divide does a good job with the task, in comparison to what KNOX promises, it falls way short.

These types of apps and systems attempt to place a barrier between personal and business data. In some instances (such as with Divide), the user experiences a completely different home screen (so there's no doubt which data is being used). Samsung, however, plans on taking this to an entirely different level with KNOX.

What is KNOX?

The very foundation of KNOX relies on two crucial pieces:

  • Secure Boot
  • Security Enhanced (SE) Android

Secure Boot prevents any non-verified or unauthorized applications from running on the device. This feature will go a long way to ensure malicious code cannot be run to compromise company data or attempt to access company resources.

SE Android provides the mechanism to isolate applications and data into different domains to reduce tampering and the bypassing of application security. It also works to prevent any damage to sensitive data caused by malicious software.

KNOX also uses what Samsung is calling TrustZone-based Integrity Measurement Architecture (TIMA), which serves as an integrity check on the Linux kernel. When TIMA detects that the integrity of either the boot loader or the kernel has been compromised, it takes action based on specific policies (such as disabling the kernel and powering down the device).

From the end-user perspective, KNOX will simply be a launcher on the home screen that opens a KNOX container and allows the user access to:

  • Email
  • Browser
  • Contacts
  • Calendars
  • File sharing
  • Collaboration
  • CRM
  • Business Intelligence (BI) applications

Each of the enterprise applications (above) is isolated and encrypted -- both when in use and not. For encryption, KNOX uses a separate system (outside of the containers) with 256-bit key (AES-256) encryption.

For remote connectivity, KNOX employs an on-demand FIPS-certified VPN client. The VPN profiles are pushed out by the enterprise client. When a user opens an application that requires the use of a VPN profile, KNOX automatically launches the profile.

Samsung KNOX, from the ground up, protects enterprise data from being compromised and from exploits. For IT administrators, this means less worry about data leakage and network security breaks. For end users, it means not having to deal with cumbersome interfaces that prevent efficient workflow.

In the coming months, the business world should look forward to a combination of KNOX and the Galaxy S4 to re-define the mobile device for the enterprise. If you're looking for serious security on mobile devices, Samsung will probably be the go-to company.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

9 comments
acaaleks

Everything mentioned about KNOX has always existed with Blackberry phones. Why are you not giving any credit to Blackberry?

HAL 9000

While Linux is Secure By Design, Droid, which is built on Linux, has a problem in the App Store, where the very things that the users want on their Phones are exactly what cause the problems. You can never build a Secure OS which then allows the End User to install Problem Software. While the OS itself is very secure, when you install Apps Willy Nilly and do not take notice of the things that are allowed you are installing problems, which many call Malware, but in reality it's the end user allowing their unit to be compromised. It's one of the problems with widespread adoption of Linux in any form, where End Users can install what they think they need and the downloadable Apps are not properly checked for their ability to Compromise the Basic OS itself properly. I tend to agree here Blackberry is still the most secure simply because RIM or whatever they call themselves today control their Ecosystem far better than either Apple with their iOS or Google with their Droid Mobile Systems. While Samsung may be currently the Most Secure Droid System with Knox, they are still trying to improve on what is a Bad Design to begin with. Of course naturally a Samsung Knox without any Apps installed will be the most secure Droid system on the planet and will be nearly as secure as a Blackberry, if not equal, but the moment that End Users are allowed to start installing Apps that have not been checked properly the system breaks down and there is no way around that unfortunately. Col

th3_sniff

I like my phone MY WAY, just like my computer.

Gisabun

"If you’re looking for serious security on mobile devices, Samsung will probably be the go-to company." No matter what anyone says, Blackberries are still the most secure. As for Androids, since there is so much malware attacking the OS, you can't really call it secure. Even this SE Android will have problems [maybe not as much as without the "SE" but still plenty].

HAL 9000

Don't run the Android OS I suppose. ;) Col

acaaleks

Although it took people reminding you, it is good that you are now acknowledging BB as the most secure OS :)

HAL 9000

There is a Reply Link under the post and clicking on Reply to my post in no way implies that you are replying to anyone but me. ;) Col

acaaleks

I was referring to "Gisabun" who corrected your omission of BB one day before you first posted about BB's ecosystem in this conversation string. What and when I posted here is very relevant, because the substance of my comments was about the points brought up by Gisabun. As such, my post is very relevant, and I feel that by you saying "before you even posted here" is a slight to make me feel unwelcome and not relevant. :(

HAL 9000

"I tend to agree here Blackberry is still the most secure simply because RIM or whatever they call themselves today control their Ecosystem far better than either Apple with their iOS or Google with their Droid Mobile Systems." Somehow I think that covers BB before you even posted here. ;) Col