Security can no longer be an afterthought when it comes to the computing devices used by your company — and this is why Samsung Knox, which is built into Samsung Galaxy smartphones from the chip up, is the best choice for protecting your work phones.
Samsung Knox offers enterprises defense-grade security at a time when businesses are facing unprecedented levels of threat from hackers. Its multi-layered approach led Gartner to give it “strong” ratings across 25 of 28 categories in its 2017 report.
Here’s a look at the ways Knox protects your data — including some new features implemented in the latest update.
The Full Stack
From the minute your smartphone is powered on, Knox works to keep the device safe, thanks to a multi-layered approach to security that begins in the factory.
Samsung creates a device root key and a device-unique hardware key at the point of manufacture. These are public/private key pairs, unique to each device, that are created and stored in a part of the CPU known as the Trusted Execution Environment (TEE). Access to this zone and the information stored on it is tightly regulated.
These keys form the basis of the rest of the features which Samsung provides through its security platform.
As a device boots up, a secure boot certificate is used to ensure each component came directly from Samsung. These digital certificates are created by Samsung at the factory and stored in the TEE. They are used to verify digital signatures on software, specifically boot components.
Taken together, these hardware-based security checks are known as the hardware root of trust.
While Secure Boot can ensure the software loading on a phone has come from Samsung, it cannot distinguish between a bootloader with a known vulnerability and a later, patched version. This is where Trusted Boot comes in. It checks each module in the boot process to ensure it is valid and, to add another layer of protection, it will also blow a tamper-evident fuse if it detects an unauthorized modification.
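The difference between the two checks can be shown with a simplified model. This is an added example, not Samsung's code: the HMAC is a stand-in for the vendor's asymmetric signature, and the approved-measurement set, the image contents and the rule for when the fuse blows are assumptions of the model.

```python
import hashlib
import hmac

VENDOR_KEY = b"constructed-demo-key"  # assumption: stand-in for the vendor signing key


def sign(image: bytes) -> bytes:
    # HMAC stands in for the vendor's asymmetric signature (swapped-in technique).
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def secure_boot_ok(image: bytes, sig: bytes) -> bool:
    # Secure Boot question: did this component come from the vendor?
    return hmac.compare_digest(sign(image), sig)


class Device:
    def __init__(self, approved):
        self.approved = set(approved)  # measurements of currently approved components
        self.fuse_blown = False        # one-way flag: never reset once set
        self.log = []                  # measurements kept for later attestation

    def boot(self, chain):
        """chain: list of (name, image, signature). Returns the boot verdict."""
        for name, image, sig in chain:
            if not secure_boot_ok(image, sig):
                # Model assumption: a failed signature counts as unauthorized modification.
                self.fuse_blown = True
                return f"halt: {name} is not vendor-signed"
            digest = hashlib.sha256(image).hexdigest()
            self.log.append((name, digest))
            if digest not in self.approved:
                # Trusted Boot question: is this signed component an expected version?
                return f"untrusted: {name} is signed but not an approved version"
        return "trusted"


# Constructed sample images; both bootloaders carry a valid vendor signature.
OLD_BL, NEW_BL, KERNEL = b"bootloader v1 (known flaw)", b"bootloader v2 (patched)", b"kernel v2"
APPROVED = {hashlib.sha256(i).hexdigest() for i in (NEW_BL, KERNEL)}


def demo():
    stale, forged = Device(APPROVED), Device(APPROVED)
    return {
        "patched": Device(APPROVED).boot([("bootloader", NEW_BL, sign(NEW_BL)), ("kernel", KERNEL, sign(KERNEL))]),
        "stale": stale.boot([("bootloader", OLD_BL, sign(OLD_BL)), ("kernel", KERNEL, sign(KERNEL))]),
        "forged": forged.boot([("bootloader", b"modified image", sign(NEW_BL))]),
        "fuses": (stale.fuse_blown, forged.fuse_blown),
    }
```

The stale bootloader passes the signature check and is caught only by the measurement comparison, which is the gap the paragraph above describes.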
At this point, Android is up and running, and while the OS conducts its own set of checks to ensure the software being loaded has not been tampered with, Knox provides an additional layer of protection with its TrustZone-based Integrity Management Architecture (TIMA).
TIMA, which runs inside the protected TEE, provides a wide variety of security services, including attestation, a trusted user interface, KeyStore and Client Certificate Management, as well as real-time kernel protection (RKP) and periodic kernel measurement (PKM).
The protections afforded by Knox extend all the way up to the application layer. The platform allows for the easy separation of personal and work data through containerization. For those working in highly regulated industries, such as government or finance, Knox Workspace provides an encrypted container to isolate business applications and data. All information, whether personal or business, is encrypted using the cryptographic keys stored in the hardware.
As the Knox platform has evolved, it has always sought to respond to the needs of customers who use it to protect their most valuable data. To that end, Knox 3.1 has added some key updates.
With the release of the Galaxy S9 and S9+, the platform has now aligned more closely with Android Enterprise. This means there’s no longer the need to choose between one or the other, as overlapping capabilities have been aligned with new APIs to provide business customers the best of both frameworks. It also means that developers creating enterprise mobility management (EMM) solutions will have to create just one version of their app.
As mobile working gains popularity, protecting the mobile-powered desktop — such as that provided by the Samsung DeX platform — will become a crucial component of any business’s security plan.
The latest update provides the assurance that the security protections provided on your smartphone are extended automatically to the DeX experience. It will also give IT more control over the DeX experience, allowing them to easily whitelist or blacklist various apps, check when devices are docked and choose which apps populate the home screen when DeX is enabled.
Threats are constantly evolving, so security solutions need to be constantly updated to protect against them. That’s why the platform offers regular monthly updates to protect users from the latest threats while adding new capabilities for enterprise customers with every release, so your devices remain protected long after their initial boot.
This level of care and attention is why Samsung Knox is consistently rated at the top of its field. With the dependability to keep your data safe, and the flexibility to customize for your enterprise, it’s the perfect fit for the modern connected business.