Samsung To Release Second-generation Knox BYOD Software
Samsung today announced KNOX 2.0, the company's end-to-end secure mobile platform solution designed to provide data and privacy protection for enterprise users.
The new features better support IT departments looking for reassurance as they implement and manage their Bring Your Own Device (BYOD) strategies.
Samsung said that since KNOX first became commercially available in October 2013, it has sold over 25 million KNOX-enabled devices and has over 1 million active KNOX users today.
KNOX 2.0 offers a series of core platform security improvements:
- TrustZone-Protected Certificate Management: Device-wide feature that generates and maintains client certificates inside TrustZone, with additional support for industry standards such as PKCS#11; allows mobile devices to play the role of the smart card and its readers.
- KNOX Key Store: Generates and maintains encryption keys inside the TrustZone-protected environment; allows third parties to utilize encryption for security-sensitive applications and makes sure that encrypted data is protected if the system is compromised.
- Real-Time Protection for System Integrity: Real-time monitoring that both detects and prevents any unauthorized modifications to the kernel code, critical kernel data and system partition.
- TrustZone-Protected ODE: Encrypts the data stored on the device with a TrustZone-protected encryption key, which can be disabled when a system integrity compromise is detected.
- Two-factor Biometric Authentication: Makes container access even more secure by requiring both password and fingerprint verification to authenticate.
- Enhanced Generic Framework of KNOX: Supports Per-App VPN functions for SSL VPN solutions such as Juniper, F5 and Cisco; previously these were supported only for IPsec VPN.
KNOX 2.0 supports the majority of Android apps from the Google Play Store. It also supports SE Android policy configurations for third-party containers, such as Good's secure container, Fixmo's SafeZone and MobileIron's AppConnect, so that these third-party containers receive the same level of HW-based protection as the KNOX container. This evolution of KNOX allows for the choice of different types of containers for a more flexible approach to enterprise BYOD strategies. In addition, UMC and SEG make the user enrollment process simpler than before, since the user profile is pre-registered to SEG by MDM servers.
KNOX 2.0 supports a dual APN capability that can be used to charge the data traffic of enterprise applications separately from that of personal applications. By assigning the data traffic of the enterprise container, which runs only enterprise-approved applications, a different APN from the one used for personal data traffic, KNOX can allow a telecom carrier to bill customers separately for personal and enterprise use. This capability removes one of the most critical industry-wide impediments to the adoption of BYOD programs, which allow employees to use their personal mobile devices for work.
In addition to the core features of KNOX, Samsung also announced new cloud-based services, KNOX EMM and KNOX Marketplace.
Samsung is providing the following services with KNOX:
- EMM: Provides cloud-based Mobile Device Management and Identity and Access Management (SSO + Directory service) with a set of IT policies to implement company guidelines. KNOX EMM includes:
  - Over 326 IT policies
  - Single sign-on for web-based and mobile apps
  - Cloud directory service as well as on-premise active directory to manage credential information
  - Cloud-based enterprise services including productivity enhancement suites CRM and ERP
- Marketplace: A shop for SMBs to find, buy and use KNOX and enterprise cloud apps in a unified environment. Marketplace includes:
  - A catalogue of business applications including KNOX and 140+ cloud apps
  - Customizable bundling for customers to buy multiple apps in a custom bundle
  - Consolidated billing to allow customers to combine multiple products into a single invoice
The key feature of KNOX EMM and Marketplace is that all the services purchased from the marketplace come with the zero-sign capability implemented by KNOX EMM. IT admins can supervise employee access rights to the purchased services according to the credentials defined in the directory, and employees can access these services from mobile devices and PCs without an explicit registration and sign-in process.
KNOX also supports SE Android policy configurations for third-party containers such as Good's secure container, Fixmo's SafeZone and MobileIron's AppConnect, which provide better policy control compared to the native SE for Android, allowing users or IT managers to choose their preferred container.
By partnering with Microsoft, KNOX allows users to join their devices with their company to access company resources and services with Microsoft Workplace Join.
New features of KNOX 2.0 will be commercially available in Q2 2014. Once available, previous generation KNOX users will be able to upgrade to KNOX 2.0 after upgrading to KitKat. KNOX 2.0 will also come pre-installed on the newly launched Samsung Galaxy S5.