KNOX: Samsung's big push to win the enterprise from BlackBerry and iOS
Samsung dominated the news from the Mobile World Congress this week with the announcement of its KNOX platform. KNOX will ship in the second quarter of this year and is designed to set the bar for enterprise-grade mobile technology. To put it simply, KNOX is Samsung's attempt to out-BlackBerry the BlackBerry 10 along with Apple's iOS and become the dominant enterprise mobility platform.
What exactly is KNOX and how does it relate to Samsung's SAFE program?
Samsung introduced its SAFE program more than a year ago. The program is designed to offer enterprise IT groups the same kind of granular management features found in the classic BlackBerry devices and the BlackBerry Enterprise Server. Although only the recent Galaxy S III and Galaxy Note II ship with SAFE branding on the device, the program also incorporates some earlier Samsung products. In recent months, Samsung has waged an ad campaign to inform potential customers about the security features available in its SAFE-certified devices compared to other Android phones and tablets.
As I noted recently, the campaign positioned Samsung as a serious competitor to Apple in the enterprise market. Given that Apple almost never advertises (or even acknowledges) the enterprise chops of its platforms, I argued that the campaign could put Apple's enterprise leading position in jeopardy.
Although Samsung describes KNOX as "aligned" with SAFE, the company is making it pretty clear that KNOX and SAFE are two different entities. While SAFE is designed to offer 300+ security policies, the program is not as deeply integrated into devices or the Android OS as KNOX. In other words SAFE can be thought of as a subset of the capabilities built into KNOX.
To ensure an extreme level of device and data security, KNOX incorporates a special version of Android called SE Android that was developed by the U.S. National Security Agency (NSA). KNOX also incorporates integrity management services that ensure a device hasn't been tampered with or compromised. These are built into a device's hardware as well as implemented within the Android OS that runs on that hardware. All of this enables a level of security on Android higher than anything that has been released to the mass market to date.
That security combined with file level encryption allows KNOX to separate personal apps and content from business apps and data. The KNOX technology creating and enforcing that separation prevents files, content, or other data from being moved or copied from on container to the other. It also ensures that personal apps and malware cannot interact with business content. That security can work both ways and it ensures the privacy of personal data on a device that is managed by IT.
The KNOX container
Users can access the secure KNOX container via an icon on a device's home screen. Through IT management, access to the container can be restricted using enterprise credentials like an Active Directory user account. IT can also determine how long a user can access the KNOX container before being required to re-authenticate -- most likely after a period of inactivity.
The container can contain a range of apps populated by IT using mobile app management (MAM) tools. These can include enterprise apps developed in-house as well as third party apps. There is also the potential for enterprise app store support as well. Because KNOX is fully compatible with the Android ecosystem, commercial apps can be included in the container without requiring any modifications.
Apps that provide access to enterprise resources can take advantage of the mobile authentication services to deliver single sign-on and secure zero-sign-on authentication, allowing users to access those enterprise resources without needing to repeatedly enter credentials for each. This is made possible by the OEM agreement between Samsung and Centrify. Centrify already has a portfolio of business app and service vendors that support these features as well as a developer program that allows app makers and enterprise developers to integrate them.
Beyond the container
This week, a National Transportation Safety Board judge dismissed a $10,000 fine that the U.S. Federal Aviation Administration had lodged against a photographer who had used a drone to take aerial photos for the University of Virginia. The judge found that the FAA hadn't actually issued any enforceable rules regarding the use of commercial drones.
If you've got a Windows XP machine -- either at home or in the office -- consider yourself lucky. In the past, you'd upgrade to a more recent Windows operating system without a thought. Today, you have many options.
It's designed for the 3.5 billion people who have feature phones today. It solves technical problems Google is not interested in and is a better fit for the pre-paid phones popular in developing countries. The only trick is getting developers on board.
The cloud has overcome a lot of its technical challenges, especially when it comes to security. But the biggest problems in cloud computing now are cultural.