When it comes to mobile security, financial services organizations face unique circumstances that can make life difficult. Because they deal with confidential customer and corporate financial information, they must be careful about any new technology that’s introduced into their workspace. Otherwise, they could expose sensitive financial data to a security risk.
What’s more, financial institutions have several employee types and structures that require different security levels. Traders, bankers and IT administrators have very different jobs, so it doesn’t make sense to give them the same level of security access — they need custom security profiles. This puts the onus on IT to balance the latest technology with the latest security, while figuring out how these complex needs and requirements fit safely into their infrastructure.
Who’s in Your Basement?
For the finance industry, finding the right mobile device makes all the difference in data protection. Many employees have unlimited access to sensitive financial and customer data, and that data is often accessible by business apps and other corporate-owned information on their smartphones, with the data traveling over potentially unsecured WiFi networks. Yet when working with finance customers, I’ve noticed a tendency to assume — based on appearances — that all devices are created equal. They’re not.
A simple analogy can explain why it’s important to dig beneath the surface. To better understand their similarities and distinctions, think of smartphones as two-story houses. From the curb, these “houses” look protected. Your front door has solid security features, so you’re not worried about anyone entering that shouldn’t. Same with the windows — they’re locked down so that you feel safe and comfortable.
There’s another similarity between all smartphones that you may not know about: like many houses, all smartphones have a “basement,” but unlike Samsung, other manufacturers do not share with you what’s in the basement — you may not even know the basement exists.
Once someone sneaks into your basement, they’re securely hidden and able to begin the process of digging into your life. In the financial world, intruders might come in through a WiFi network, an email or another unsecured window, accessing your network, your files, your financial accounts and your data, without you ever realizing you have an intruder. If your employees’ mobile devices aren’t adequately protected, apps can access data from other apps, malware can be installed and unencrypted data can transfer across networks.
Samsung’s device has a basement too — but we document all the details. From the moment the company poured the basement’s foundation, so to speak, a secure element was installed. The phone can look out and see if anyone has entered your basement, but nobody can see in to compromise your house. Anchored in the hardware from the chip up, Samsung Knox is integrated throughout the software layers to separate data and constantly check the integrity of the device. These defense layers detect any tampering and ensure data is kept secure. This is the power of the Samsung Knox security platform.
Knox is built on the principles of trusted computing and integrates TrustZone Integrity Measurement Architecture, or TIMA, to provide security assurance through live, real-time monitoring from the moment you turn on your device. TIMA delivers immediate and automated responses to protect and secure all Knox-enabled applications, including our Knox Workspace and third-party Knox-enabled apps.
Customizing for Different Security Levels
You now understand why comparing a device that contains Samsung Knox to any other device is an apples-to-oranges contest. For financial services firms that harbor sensitive company and customer data, choosing a smartphone with a mystery “basement” is a poor strategy compared to choosing a device that comes equipped with the ability to monitor and measure everything that happens to the phone from the minute you take it out of the box.
Samsung Knox can do even more to help financial firms stay secure, however. Knox allows you to customize a wide range of application programming interfaces to control device features, from enrollment and app installation to connectivity, settings, display and more.
With the Samsung Knox Workspace container, IT can separate work from personal data, creating a secure environment where corporate data can’t be compromised by improper personal use by employees. Knox-Enabled Apps (KEA) are another important tool, especially in BYOD environments, where the IT department may not be able to control a device via MDM or EMM but wants to provide secure, reliable apps to their employees or consumers. KEA provides integration with our secure basement and TIMA, so that individual apps are self-contained and secured even on employee-owned devices.
With these options at their fingertips, financial institutions can create purpose-built scenarios for each part of their workforce. Here are a few examples of how that might look:
- Traders need the highest level of security possible due to their elevated risk scenario in accessing their customers’ financial data. As one option, IT can configure traders’ devices into Knox Workspace container-only mode for maximum data protection, allowing them access only to phone, text and email. With container-only mode, you know that the trader has no access to work-related information and data when using the phone for personal reasons.
- Systems Administrators: These individuals need unprecedented access to your IT environment, but they also need the ability to customize access for your employees. Remote device management allows systems administrators to remotely manage and configure your institution’s mobile devices, locking down or providing access to financial information to individuals with custom needs and security profiles. Samsung’s EMM (enterprise mobility management) is a cloud-based service that allows IT to locate devices, set device policies, remotely lock or wipe lost or stolen devices and manage app licenses.
- Finance Employees may be BYOD employees, selecting from a company-approved device list. At this level, IT might choose to custom-configure a wide range of biometric authentication capabilities, whether based on iris recognition, facial scan, fingerprint image or a combination. Work-related applications and data can be separated from personal data, denying access to work-related information and the underlying Android ecosystem.
With a secure mobile platform like Samsung Knox, your “basement” is secure from intruders. All access is locked down, and sensitive data is protected. By choosing a secure device that offers multiple forms of authentication, such as iris scanning and multifactor authentication, you have a powerful blend of “basement” monitoring to help secure your firm’s devices — plus the ability to customize security profiles for each individual and department.