Samsung DeX offers the opportunity for enterprises to go mobile-only by delivering a desktop-like experience that is powered by a smartphone or tablet. When connected to a screen — either via a USB-to-HDMI cable or wirelessly — smartphones with DeX boot up a desktop-style user interface, complete with multiple resizable windows, keyboard shortcuts and other standard PC productivity features. Even better, the mobile device can continue to be used as normal, even while it projects DeX on the monitor or TV.
The possibilities are intriguing for IT managers looking to simplify and reduce the number of desktops and laptops in their fleet or support an increasingly remote workforce. But adopting DeX for desktop productivity raises another question: What about security?
The short answer is, it shouldn’t matter. The smartphone doesn’t fundamentally change because you extend the interface to a monitor and pair a keyboard with it, so whatever security configuration and risk mitigation strategy you’ve designed for a Choose Your Own Device (CYOD) deployment doesn’t change if DeX is in the picture.
However, as security practitioners know, it always matters. The way the device is used changes: different apps, different use patterns, different network connections. And anytime there’s a change, security should take another look to make sure old assumptions still hold. So what are the key points for information security managers to look at? Here are a few places to start:
1. Check your devices’ security profile again
Absolutely the first place to look is your device security settings. There’s no special magic here, but rechecking assumptions on authentication (biometrics should be required, for example), application store restrictions, allowlist/blocklist settings and patching requirements and schedules should all be first on your list when scrolling through your mobile device management (MDM) or enterprise mobility management (EMM) policy settings.
If you haven’t enabled a dual data profile solution like Samsung Secure Folder, now is definitely the time to reconsider. Keeping organizational applications and, more importantly, their data separated from home uses is more important now than ever before.
2. Make sure policies are updated
If your CYOD policy and security profiles were put in place assuming a fairly casual use of mobile devices, definitely take a quick look at the policies themselves. With increased risk comes increased responsibility, and — as with security profiles — assumptions that were made when the CYOD or even Bring Your Own Device (BYOD) policy was laid out may not hold true anymore.
It can be simple things, such as cost reimbursements and stipends that need to change, but you should also look at any policies regarding safe use of devices and physical security, such as rules regarding device loss reporting.
Good CYOD policies also tie in with acceptable use, data protection and information security policies, so checking all of these fundamental documents to be sure they’re up-to-date for this new use is important — and shouldn’t take a lot of time.
3. Get a bird’s eye view
When smartphones and tablets are used with DeX, they act a lot more like desktop and laptop PCs, so they will probably be connected directly to enterprise networks when they’re in the office, or to virtual private networks (VPNs) for as long as your workforce is remote or blended, rather than passing through a carrier’s data network.
Now is a good time to look at how you want to engineer your internal networks. Old topologies that treated most desktop PCs as “trusted” devices with relatively few restrictions have fallen heavily out of favor with information security architects. If you haven’t already reviewed and redesigned your in-building wired and wireless local area network (LAN) or VPN to add more security controls and barriers, this is an excellent time to do so. There’s nothing particularly insecure about adding smartphones with DeX to your LAN; in fact, they may be more secure than their Windows PC brethren. But a DeX rollout is a good opportunity to step back and see if your LAN is properly secured using current security thinking and design paradigms.
While you’re looking at security, don’t forget to also look at the capacity of the Wi-Fi network. Mobile devices running DeX can be wired (using a multiport adapter with an Ethernet port) or wireless, so if you choose wireless access for the higher security it offers, check that your Wi-Fi network is tuned up and can handle the increased load.
4. Take advantage of DeX security settings
Additional DeX security and management options are made available within Samsung’s Knox device management tools and some third-party EMMs. These include the ability to force the use of Ethernet (incredibly valuable for highly-regulated industries), set static IP addresses and limit applications. Additionally, there’s still control over configuration, enrollment and management.
Security is another area where smartphone vendors have learned from their desktop cousins. Samsung’s Galaxy smartphones are equipped with a full toolkit of security features and capabilities, including:
- Application sandboxing
- Work/home protected application containers
- Trusted execution environment (TEE) hardware
- Full-disk encryption
- Biometric sensors
- Mandatory access controls
- Tight integration with MDM/EMM agents
It’s not a question of adding, upgrading or installing apps or tools — this is how Samsung Android phones and tablets with Knox come out of the box. With a stronger platform come fewer security incidents, tighter control on application-based malware and a better approach to end-user computing security.
5. Don’t forget the importance of uptime
Most information security managers spend a lot of time focusing on confidentiality and integrity of data and applications, but don’t forget there’s a third leg to that stool: availability. If a smartphone isn’t available, then your mobile worker isn’t getting any work done.
Make sure you have a plan in place to deal with the inevitable device loss and damage scenarios that come naturally with any smartphone deployment. This means having spares ready, on hand and set up for quick deployment, but also knowing what you’re going to do if someone calls while on the road, or even at home, and needs a device replacement fast.