As businesses increasingly rely on smartphones as core workforce productivity tools, securing and managing all those mobile devices, apps and data has become a growing challenge for IT teams.
On the security front, mobile devices by their very nature pose unique challenges — including greater risk of being lost or stolen — while the threat of mobile malware continues to increase in complexity and scope. On the device management front, IT teams have been stretched thin by the mounting workload of supporting smartphones and tablets in addition to traditional PCs and infrastructure. Even in organizations that have opted for a Bring Your Own Device (BYOD) approach to mobility, the responsibility has fallen on IT managers to ensure workers can safely access business apps and data on personal devices.
How Samsung Knox Helps
Samsung has invested considerable resources over the past seven years in building out a full enterprise mobile security and management stack. Introduced first on the Galaxy S4 in 2013, the Samsung Knox platform has set the standard for mobile security, receiving top ratings from industry analysts and certifications from multiple government agencies, including the U.S. Department of Defense.
Less well-known are the device enrollment and management tools included in the Knox Suite. Integrating closely with Knox’s platform-level security, licensed solutions like Knox Manage and Knox Platform for Enterprise provide IT departments powerful capabilities that can save time and avoid headaches associated with new mobile initiatives.
1. Hardware-based security
Samsung mobile devices are designed with security at the core. From the moment the phone or tablet first powers up, Samsung Knox provides defense-grade security that leverages processor architecture known as TrustZone to isolate sensitive computations and security certificates. If malware attempts to alter the kernel of the device’s operating system (OS), real-time checks will detect the change and immediately block access to sensitive data. This is the firm foundation on which the Knox security and management stack is built.
2. Advanced data protection
Enterprises in regulated industries with stringent security requirements can go above and beyond this foundation with Knox Platform for Enterprise (KPE), which provides a robust set of features on top of the core Android Enterprise platform, filling security and management gaps and meeting the strict requirements.
KPE protects data at rest using sensitive data protection (SDP). Data is encrypted both when the device is locked and when it is powered off. It provides further protection by allowing enterprise data to be isolated in secure app/data containers, such as Work Profile, which can be managed with security policies separately from the rest of the device.
KPE with Dual Data at Rest (DualDAR) adds two separate layers of encryption — an inner layer and an outer layer — to enable devices to be used in the most stringent of data security environments. And, because Knox DualDAR works on both BYOD and company-issued devices, IT admins can protect corporate data in any use case.
3. Cloud-based EMM
In addition to close integration of Knox with third-party enterprise mobility management (EMM) solutions, Samsung offers its own affordable cloud-based EMM called Knox Manage.
Knox Manage makes EMM easy. From an intuitive cloud-based console, IT admins can remotely manage a fleet of devices to ensure company data is protected.
Knox Manage provides:
- An easy-to-use quick start wizard for simple device setup
- The core controls you need to effectively manage your device fleet, including managing apps, content and device features such as connectivity
- Device management based on predefined events, such as blocking access to cameras on employee phones during work hours
- Ability to use Android Enterprise fully managed and work profile modes
- Full support of Knox Platform for Enterprise, Knox Mobile Enrollment and Knox E-FOTA
- Real-time device monitoring enables location tracking (with employee consent) and messaging device owners without needing their phone numbers
If an employee encounters a problem while out of office, they can authorize IT admins to remotely access their device for easy troubleshooting. This allows IT admins to quickly help employees get back to work. And if a device is reported lost or stolen, IT can remotely locate it, lock it and wipe its content.
Samsung also provides an easy, surefire way to register new mobile devices in your EMM with Samsung Knox Mobile Enrollment (KME), a free, zero-touch deployment service that allows you to automatically enroll devices the moment they power up. End users can skip setup wizards or additional account registrations to get up and running faster. With KME, you can ensure devices stay enrolled in corporate EMM systems. If an end user or malicious actor performs a factory reset or uninstalls the EMM agent from the device, KME will automatically reinitiate the enrollment process. Separately, IT can disable Android factory reset protection so that devices can be recovered even if credentials are lost.
The Samsung tool set also includes Knox E-FOTA, which provides greater control over software updates, giving your business the power to validate, approve and deploy OS versions used across your device fleets. You can test and validate new firmware updates in advance to uncover potential compatibility issues between the new firmware and your business applications. You’re also in control of when your approved OS or security updates get rolled out to your enterprise’s mobile devices. Schedule deployments by device group and at a time of day that minimizes business disruption. Knox E-FOTA also allows you to set other criteria, including access to Wi-Fi connectivity and battery life, so that updates are quick and trouble-free.
4. Custom configuration
As businesses look to use mobile devices to streamline specific business processes or perform specific functions, the need for custom configuration has grown. Knox Configure is a cloud-based solution developed to meet this need, enabling businesses to remotely configure any number of Samsung devices and tailor them to specific enterprise requirements. Configuration can include anything from custom branding of the booting UX, to preloading applications or shortcuts, to restricting access to certain features or creating a fully locked down experience limited to a single app.
Knox Configure lets you deploy the custom profile or “gold master image” right out of the box, so the device will automatically update to the latest configuration when the user first powers up.
5. Advanced biometrics
Relying solely on passwords or patterns to secure your mobile devices leaves them open to attack, which is why, for a complete smartphone security stack, enterprises should leverage biometric authentication to protect sensitive data. Samsung has been a leader in introducing highly secure biometric authentication options, including facial recognition, iris scanning and now the in-display ultrasonic fingerprint ID on newer Galaxy smartphones. Each of these biometric methods offers different advantages and levels of security, and should be evaluated based on your security and user requirements.
Mobile device management for beginners
Get started with MDM so your organization can spend less and do more — securely and efficiently. Download Now
In addition to using biometrics to unlock the device itself, Samsung allows enterprises to leverage biometrics to protect secure on-device containers, as well as to replace credentials in other apps and websites using Samsung Pass.
Defense-grade security for the enterprise
Today’s mobile-empowered workforce needs security that doesn’t get in the way of productivity. The Knox platform is engineered into Samsung devices at the manufacturing stage to enhance the Android platform for the enterprise. Knox keeps working to secure your device and data at all times, with security features to safeguard against risks when smartphones, tablets or wearables are powered off, during run time and during the boot-up stage.
The Samsung Knox platform is the backbone for a full range of software and solutions for IT administrators and developers to customize, create, deploy and manage purpose-built security at scale in the enterprise.