KNOX: Samsung's big push to win the enterprise from BlackBerry and iOS
Samsung dominated the news from the Mobile World Congress this week with the announcement of its KNOX platform. KNOX will ship in the second quarter of this year and is designed to set the bar for enterprise-grade mobile technology. To put it simply, KNOX is Samsung's attempt to out-BlackBerry the BlackBerry 10 along with Apple's iOS and become the dominant enterprise mobility platform.
What exactly is KNOX and how does it relate to Samsung's SAFE program?
Samsung introduced its SAFE program more than a year ago. The program is designed to offer enterprise IT groups the same kind of granular management features found in the classic BlackBerry devices and the BlackBerry Enterprise Server. Although only the recent Galaxy S III and Galaxy Note II ship with SAFE branding on the device, the program also incorporates some earlier Samsung products. In recent months, Samsung has waged an ad campaign to inform potential customers about the security features available in its SAFE-certified devices compared to other Android phones and tablets.
As I noted recently, the campaign positioned Samsung as a serious competitor to Apple in the enterprise market. Given that Apple almost never advertises (or even acknowledges) the enterprise chops of its platforms, I argued that the campaign could put Apple's enterprise leading position in jeopardy.
Although Samsung describes KNOX as "aligned" with SAFE, the company is making it pretty clear that KNOX and SAFE are two different entities. While SAFE is designed to offer 300+ security policies, the program is not as deeply integrated into devices or the Android OS as KNOX. In other words SAFE can be thought of as a subset of the capabilities built into KNOX.
To ensure an extreme level of device and data security, KNOX incorporates a special version of Android called SE Android that was developed by the U.S. National Security Agency (NSA). KNOX also incorporates integrity management services that ensure a device hasn't been tampered with or compromised. These are built into a device's hardware as well as implemented within the Android OS that runs on that hardware. All of this enables a level of security on Android higher than anything that has been released to the mass market to date.
That security combined with file level encryption allows KNOX to separate personal apps and content from business apps and data. The KNOX technology creating and enforcing that separation prevents files, content, or other data from being moved or copied from on container to the other. It also ensures that personal apps and malware cannot interact with business content. That security can work both ways and it ensures the privacy of personal data on a device that is managed by IT.
The KNOX container
Users can access the secure KNOX container via an icon on a device's home screen. Through IT management, access to the container can be restricted using enterprise credentials like an Active Directory user account. IT can also determine how long a user can access the KNOX container before being required to re-authenticate -- most likely after a period of inactivity.
The container can contain a range of apps populated by IT using mobile app management (MAM) tools. These can include enterprise apps developed in-house as well as third party apps. There is also the potential for enterprise app store support as well. Because KNOX is fully compatible with the Android ecosystem, commercial apps can be included in the container without requiring any modifications.
Apps that provide access to enterprise resources can take advantage of the mobile authentication services to deliver single sign-on and secure zero-sign-on authentication, allowing users to access those enterprise resources without needing to repeatedly enter credentials for each. This is made possible by the OEM agreement between Samsung and Centrify. Centrify already has a portfolio of business app and service vendors that support these features as well as a developer program that allows app makers and enterprise developers to integrate them.
Beyond the container
Customers have taken control of the buying process, and gone are the days of the carefully crafted marketing message. That means you have to deliver relevant, quality content in the proper context of the customer's situation and device they are using -- and that's a huge challenge for most companies.
Four months after Quip launched on iOS, the company delivers on its promise of an Android app for its eponymous word processor. Today's release comes on the heels of a major update to its Web and iOS apps that finally lets you import Microsoft Word files, a feature the Android version lacks for now. Still, with these two updates, Quip edges closer to its ideal of being a collaborative cross-platform word processor.