For IT and security professionals, Samsung's Galaxy S4 launch marked an important milestone. It was the first device announced to feature the new KNOX security platform that Samsung introduced last month's at Mobile World Congress. KNOX has the potential to be a game changer in the world of enterprise mobility because it provides a truly enterprise-grade secure version of Android.
KNOX-enabled devices deliver the kind of security that was the hallmark of the BlackBerry. That makes the platform attractive to any IT department, but it is especially attractive in regulated industries, government agencies, and government and defense contractors.
KNOX achieves its impressive security through several layered hardware and software technologies:
- A secure boot process.
- An integrity measurement architecture that determines if the boot loader or kernel has been compromised (and can take actions as defined by mobile management policies).
- Security Enhanced Android, a custom build developed by the U.S. National Security Agency.
- Separating secure enterprise and digitally signed third-party applications from user-installed apps.
- An encrypted file system and the KNOX container secure and isolate business data from personal data.
All of this is extremely powerful and could make KNOX-enabled devices a de facto corporate and enterprise standard against which all devices are judged.
KNOX follows Samsung SAFE, an earlier enterprise program that provides over 300 security and management policies that IT departments can enable on SAFE-certified devices using mobile management tools.
For Samsung, building SAFE and KNOX into devices that will be sold to consumers and businesses is a brilliant move to ensure the platform is widely available and accessible. Add to that the fact that the overall security technologies will appeal to consumers in their own right and you have a recipe for easily implementing a tiered BYOD model in which users with the most secure devices get deeper and broader access to network resources than those less secure devices.
KNOX also works well in a COPE (corporate owned, personally enabled) model where a company purchases mobile devices and gives them to users with encouragement to treat the device as their own. In such a model, the Galaxy S4 is probably the most ideal device to consider right now because it combines popular features with incredible security and management capabilities.
Samsung needs more enabled devices
While you would think that KNOX is a dream solution for IT, security, and risk management -- a panacea for all the ills of BYOD -- but Apple is rapidly becoming the entrenched incumbent when it comes to enterprise mobile devices and security.
In order to take the throne, Samsung is going to need to deploy KNOX across a broader range of devices than just its flagship smartphone.
A future Galaxy Note III seems a likely contender. Last year's Galaxy S III and Galaxy Note II were the first devices to ship with branding about Samsung's SAFE program. (The company also added SAFE support to some existing products including the previous generation Galaxy and Galaxy Note devices, albeit without any branding.)
Unlike SAFE, however, KNOX is based partly on hardware features, meaning devices already out in the wild cannot be upgraded to fully support KNOX. That means that in addition to a next-generation Galaxy Note, Samsung will need to build KNOX into future tablets -- ideally at different screen sizes -- as well as phones and phablets.
That could introduce a fragmentation issue among Samsung's product line when it comes to enterprise support. Some devices, most likely older models still in production and entry level devices, will have no enterprise support beyond that inherent in Android, others will support SAFE policies, and still others will support KNOX. If the company moves forward with Tizen, it will introduce even more fragmentation among its enterprise-oriented devices -- not to mention the wider playing of Android devices from other manufacturers.
Ironically, Samsung's biggest enterprise competitor -- Apple -- offers fewer security and management policies but does so uniformly across every device that it currently sells. All current iPhones (4/4S/5) and iPads (second/third/fourth generation and the iPad mini) and iPod touches have the same slate of MDM capabilities regardless of price point or market demographic. Samsung's extreme diversity of devices for different markets and costs, which is a positive in the consumer market, can be seen as a potential challenge or limitation stacked against Apple in the enterprise space.
IT knows instantly how an iOS device fits into an environment and how to manage or restrict it. That might not always be clear with a new (or older) Samsung device.
Samsung could prevent or rectify that challenge by building KNOX into every device regardless of presumed market or price point. In that reality, any device introduced in or after 2013 would be known as a secure device. It wouldn't matter the product line or category or whether the device was a phone, phablet, or more traditional tablet. Every device would beat the pants off Apple's devices (at least until Apple ups the ante with more enterprise security in iOS 7 or 8).
At the very least, Samsung will need to ensure that any potential Apple device has a competing KNOX-enabled product -- and the sooner they come to market, the better. That means, in addition to the Galaxy S4 and Note III, Samsung would need two tablets -- a full size one to compete against the iPad and a smaller 7-inch device to compete against the iPad mini. To have the best chance of competing in the enterprise, Samsung would need to ensure its most popular tablets were KNOX-enabled.
Who knows, maybe KNOX and enterprise competition might lead Samsung to thin out its product line.