How Samsung's Knox keeps business data private and secure

Samsung's Jonathan Wong explains how defense-grade security keeps the company's mobile platform secure.

How Samsung's Knox keeps business data private and secure

Samsung's Jonathan Wong tells TechRepublic's Dan Patterson that defense-grade security is the key to how Samsung's Knox protects data on its mobile platform. The following is an edited transcript of the interview.

Dan Patterson: There's a lot going on in the new Note 9. A lot of entertainment, really cool interactive business features, there's also some features for business that are critically important. They're not sexy, but when you travel overseas, even when you travel domestically, security is No. 1, the No. 1 priority for business users. And for consumers, I would imagine, but for business, it's top of mind. Knox has seen some iterative updates over the last half decade. Where is the security platform now?

Jon Wong: Knox is fundamentally critically important for us at Samsung, and of course, when we launch a lot of our mobile products, our defense-grade security is built right into our mobile devices, like the Note 9. And, with every iteration, we're making sure we evolve with the security needs of our customers, because security isn't static. We know there isn't just a quick fix, and once you have a solution, it will be always the solution at the time. Is it going to evolve over time? And that's what we do with Knox. It's we're making sure we're ahead of the game, really addressing top-security needs of our highly regulated customers, and, of course, millions of consumers across the world already benefit from having that built-in security with their devices.

Patterson: So when you say defense-grade security, that's important to me. Especially when I'm traveling for work sometimes, I go to other regions in the world that are simply less secure. Especially when I get on Wi-Fi, or on mobile networks, which you should definitely not do. So help us understand. It sounds like jargon. What are the details of defense-grade security?

SEE: IT leader's guide to cyberattack recovery (Tech Pro Research)

Wong: Yeah, so it really starts with having a secure mobile-platform. And to be able to do that, you'd have security all the way at the hardware level. So we have security baked in at the chip-set level, with Samsung Knox, and not just at the hardware, but kind of multi layered, and woven throughout the hardware, the boot-loaders, the software loaders, the actual OS itself, and, of course, the apps and the data. So you need that multi-layered security, to truly be secure, and that's from a platform perspective, but we also make sure we partner and support many leading device management and enterprise solutions to make sure that it's a comprehensive package for our customer. Because security again, it really needs to be looked at holistically. It's not just: you have a secure device, or is your app secure? Or, are there management capabilities? There really needs to be that entire package.

And that's what we're really excited about that we have with Knox.

Patterson: Yeah, and so when we think about holistically, and not just the device, and not just the folder on the device, we have to think about our IT departments as well. Especially when it comes to me, feeling secure, I definitely want my IT department to feel secure. So how does Knox inter operate with maybe my enterprise communication applications, or other things that IT back home can kind of monitor?

Wong: So the biggest thing we want to do from a Knox perspective, obviously then, other than just making sure that there's security in place, is making IT life as easy as possible, which is always a challenge. There's a lot that IT has to deal with, as an organization. But with Knox, we want to simplify IT. Right? A great example of that is, you can have all these great new features and capabilities with your device, but at the end of the day, you have to deploy them, you have to set them up. You have to manage them within a large organization. That's not an easy task, and so from our perspective, not only do we have the security platform, we have Knox solutions that build, on top of that platform, to help provide that.

A great example is with Knox Configure, a great cloud-based solution, that basically allows you to remotely configure provision a device. And it's super easy to do: you just set up the profile, push it down to the devices. And we're not talking about setting up one or two devices. We're talking about thousands, if not tens of thousands of devices. So to automate that whole process, and really have a specific configuration, makes it extremely powerful, but in a simple way for IT.

SEE: Cheat sheet: How to become a cybersecurity pro (TechRepublic)

Patterson: So when we talk about configuration, at least, on my end, the end user, I see a folder on the device, it's called Knox. Do I have to put everything in the Knox folder, or is my device secure no matter what?

Wong: So right out of the box, when you power on the device, again, that Knox platform is built in. So that hardware-level security, that multi-layered security is built in, and we also even go beyond that, with kind of what we call "containers," right? Or ways to kind of separate personal apps and data, from highly sensitive or works app and data, and that's what we refer to as a "container" or a "workspace." And that's very much something we provide with Knox, as well through our own solutions, as well as partnering with other mobile device-management solutions, so, that again, you can actually have both your work and your personal apps and data on one device. It's as simple as just going to the workspace, and having all your apps and data there.

There will be different options and flexibility depending on IT policy as well, of what apps and data can be moved to-and-from, right? The personal zone and the work zone. Obviously, if it's a highly regulated market, it will likely be locked down, to just work stuff in the work zone. And then, in more markets where they're seeing the BIOD trend, or individual liable, there will be more flexibility to be able to access both, and be able to maybe move files to and from.

But what's great, is Knox kind of addresses that whole spectrum, and really puts it in the control of IT, of how they want to operate their business.

Patterson: So maybe, if I'm playing Fortnite, when I should be getting some work done, I can be assured that the stuff in my work folder is still safe and secure.

Wong: Definitely.

Patterson: Help us understand the next steps in Knox. It is not a super sexy space. You can't come out and say, Knox has five million DPI. But it is a critically important space, so what does the future of Knox look like?

SEE: Cybersecurity: How to devise a winning strategy (ZDNet)

Wong: Absolutely. We'll continue to evolve Knox, as security evolves. I guess I mentioned at the beginning, it's not static, it's dynamic. Always changing, it's always evolving. And we need to be always ahead of the curve with Knox. So we'll continue to do that through every update that we do. And whether that's just making sure that we provide more IT controls and management controls, or whether that's compliance reasons. If we have to serve, which we do, very highly regulated markets, whether it's federal government, or financial services. We've got to make sure we're compliant, and that Knox provides that compliancy.

Great example is, you know, message logging, making sure the financial services industry, has that capability. GDPR is a big thing, these days, globally. Not just overseas. So we're making sure we're abiding by that from a privacy and compliance perspective as well. And what's great is again, beyond just again security, Knox is really an enabler. And a great example of that, is how Knox enables even decks. So what we're seeing and what we're doing with our Knox platform is, increasing more capabilities and controls around setting up, configuring, and customizing decks for an organization.

We have all those capabilities for Knox on the phone when you're using it as a phone. But when you're back in the decks' environment, where, you have the bigger screen, keyboard and mouse, we've already got great feedback and are evolving our platform, to meet customer needs where they want to customize the wallpaper, or have certain apps only work in decks, versus how they work on the phone, to even have customization around you know, the boot-up screens of decks, and screen time outs, and all these great kind of controls and capabilities we're providing with Knox, for something like decks. So we're really excited about this evolution.

Also see