Employees are connecting their mobile devices to insecure wireless networks, so how do you avoid possible data theft? One way is to isolate personal data from business data.
If your company deploys Samsung devices, some of those devices might contain a feature called Samsung Knox, which is a technology that enables business and personal content to securely coexist on the same handset.
This cheat sheet is an easy way to get up to speed on Samsung Knox. We'll update this guide periodically when news and updates about Samsung Knox are released.
- What is Samsung Knox? Samsung Knox is an underlying system that enables personal and business data to exist on the same Samsung device, while keeping the data isolated.
- Why does Samsung Knox matter? Now that so many people use their mobile devices for work it is imperative that sensitive company information not be at risk for loss or theft. Without a framework for isolating business data and personal data, there's no way to prevent careless usage to lead to data theft.
- Who does Samsung Knox affect? Samsung Knox affects business users with a Samsung flagship device, such as the Galaxy S7. Samsung Knox goes well beyond affecting end users—this technology could be the deciding factor when a business opts to deploy smartphones to staff.
- When is Samsung Knox happening? Samsung Knox was announced in February 2013, and it has been steadily improving and spreading its reach ever since.
- How do I start using Samsung Knox? To gain the benefit of Samsung Knox, you must use one of the many supported Samsung devices as well as the My Knox application. For all new Samsung devices, Samsung is recommending users migrate to Secure Folder; the Galaxy S8 and S8+ include this app by default. Galaxy S7 and earlier devices can install Secure Folder from the Samsung Galaxy Apps on your device.
SEE: Samsung Galaxy S8 and S8 Plus: The smart person's guide (TechRepublic)
What is Samsung Knox?
Samsung Knox is a security layer found on numerous Samsung devices that isolates personal and business data. This added layer essentially gives the user a personal device and a business device—all on the same hardware.
Only by entering a user-created password can the business layer be accessed. The Knox password is separate from the standard lock screen password, so it can also be considered an added layer of security.
In addition, when using the business layer, only certain applications can be accessed. By default, the apps that can be accessed are Camera, Gallery, Downloads, Email, S Planner, My Files, Phone, Contacts, and Internet (the Samsung-branded web browser).
Samsung Knox is comprised of three components:
- Hardware (Samsung Knox-compatible devices)
- Software (My Knox, found on the Google Play Store)
- Service (Knox-compatible mobile management server)
In order for Samsung Knox to function, the first two of these components must be in place. For businesses, the addition of the service will be critical in managing Knox-enabled devices. The service is not a requirement, but it does extend IT's management capabilities of a Knox-enabled device. Note: The service will incur a monthly fee; the fees will vary depending upon which service platform you use. Knox Premium is the cloud-based, cross-platform enterprise mobility management solution that supports Knox; see the list of Knox Premium services.
Another very important aspect of Samsung Knox is that it integrates with Android for Work. Samsung Knox increases the security of Android for Work Profiles by way of such modifications as:
- Real-time Kernel Protection (RKP)
- DM-Verity malware checks
- Trusted Boot
To see the complete listing of how Samsung Knox integrates with Android for Work, check out the Android for Work on Knox devices page.
- Knox integration could be the key to Android in the enterprise (TechRepublic)
- Samsung Knox isn't as secure as you think it is (TechRepublic)
- Google Project Zero: How we cracked Samsung's DoD- and NSA-certified Knox (ZDNet)
- Samsung Galaxy S to Galaxy S8: How the Android flagship smartphone has changed its look (ZDNet)
- Samsung Galaxy Note7: The smart person's guide (TechRepublic)
- Samsung Galaxy S7 isn't sexy, but delivers value on security and business features (TechRepublic)
- Knox-enabled Galaxy devices approved for US classified use (ZDNet)
Why does Samsung Knox matter?
In October 2014, the US National Security Agency (NSA) approved Samsung Galaxy devices running Knox under a program for quickly deploying commercially available technologies. This broke with the NSA's long-standing BlackBerry-only approach and effectively declared Knox-supported Samsung devices fit for government work. That was a big win for Samsung and should go a very long way to describe why Knox matters: Security.
With Samsung Knox you gain an added layer of encryption that is applied when you use Knox-enabled email, messaging, and internet searches, and even when taking pictures through the camera. This is especially important considering more and more companies are opening up to BYOD; when users bring their own devices to work, those devices need to be as secure as possible. With Android, you'd be hard-pressed to find a more secure platform than the combination of Android for Work and Samsung Knox.
SEE: Ebook: Reducing the risks of BYOD in the enterprise (TechRepublic)
Another benefit to using Samsung Knox is the My Knox portal. With this tool, a user can access their data from any web browser, as well as locate a lost device, change the Knox password, or even perform a secure wipe if their device winds up lost or stolen.
Samsung Knox is especially important when you work in a sector that requires the strictest security profiles, such as finance, government, or healthcare.
Samsung Knox has been certified by the following:
- US Department of Defense
- Common Criteria
- FIPS PUB 140-2
- Finland (Finnish Security Auditing Criteria)
- ISCCC (International Safe Community Certifying Centre)
- UK National Cyber Security Centre
- Netherlands AIVD
- State Standard of the Republic of Kazakhstan
- Ebook: Executive's guide to mobile security (TechRepublic)
- 5 mobile security precautions nobody should ignore (TechRepublic)
- Video: How to protect your company data while traveling (TechRepublic)
Who does Samsung Knox affect?
Samsung Knox only affects businesses and business-class users, and any company looking to gain an edge on mobile security should take a serious look at it.
Business managers and company IT staff need to be fully aware of what Samsung Knox is, how the technology works, and how to manage deployed devices. Having a solid understanding of Samsung Knox might be the deciding factor for which mobile devices a company deploys.
Consumers need not bother with Samsung Knox.
- BYOD (bring-your-own-device) policy (Tech Pro Research)
- 10 ways to reduce insider BYOD threats (TechRepublic)
- Why an eye scan could soon unlock Samsung and Apple phones (TechRepublic)
- Quick Tip: Take advantage of Samsung's Ultra Power Saving Mode (TechRepublic)
- Can we achieve a better, more effective digital workplace? (ZDNet)
When is Samsung Knox happening?
Samsung Knox was announced in February 2013. By 2014 the Galaxy S4, Galaxy S5, Galaxy S6, Galaxy S7, Galaxy Note 3, and Galaxy Note 10.1 were approved to work with this technology. (For a complete list of Samsung Knox-supported devices, check out this official site.) Shortly after the approval of the initial devices, Samsung Knox gained the approval of the NSA and the US Department of Defense.
Samsung Knox has come a long way since its first release. Initially, many Mobile Management Entity (MME) providers offered no support for the technology, and now the list of Knox Workspace supported Mobile Device Managers (MDMs) includes:
- Samsung SDS
- Microsoft Intune
- Video: How to scale the Android display (TechRepublic)
- Android Security Bulletin March 2017: What you need to know (TechRepublic)
- Android Nougat: The smart person's guide (TechRepublic)
- Google releases Android O developer preview with improved battery life, notifications (ZDNet)
How do I start using Samsung Knox?
You must have a Samsung Knox-supported device. Then, you need to install the My Knox application from the Google Play Store. Once the app is installed, you will be asked to set a password for Knox so you can switch between the personal and business layers. With the app installed and the password set, you can switch between layers by tapping the Knox icon in the notification shade and entering your Knox password. You will do the remainder of your setup (e.g., configuring your work email and selecting what apps are isolated within Knox) through the My Knox application.
Remember that once Knox is set up, no data can be transferred between the personal and business layers—this is by design and cannot be circumvented.
- White paper: Survey on Security Risks in Android OS and an Introduction to Samsung KNOX (Creative Commons paper on TechRepublic)
- How to use Progressive Web Apps on Android (TechRepublic)
- 4 ways to send encrypted messages on Android (TechRepublic)
- Photos: An inside look at Samsung's new battery tests (CNET)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.