Samsung's Knox Separates Personal from Work in Android
By Barry Levine / CIO Today. Updated February 26, 2013.
As James Bond villain Goldfinger knew, Fort Knox is synonymous with the ultimate in security. Which is why Samsung's new end-to-end secure solution for Android devices, unveiled Monday at the Mobile World Congress in Barcelona, goes by the name of Samsung Knox.
Mobile security, especially with so many devices and platforms to support as a result of the "bring your own device" trend, consistently ranks among IT departments' top headaches. Samsung said that its solution provided "security hardening from the hardware through the application layer" through the use of integrity management services and Security Enhanced (SE) Android, developed by the U.S. National Security Agency. The company said its solution is compatible with mobile data management systems, virtual private networking and directory services.
Knox is being compared to a new enterprise feature that Blackberry highlighted when it launched its new BB10 platform in late January -- the ability to separate business from personal data on a mobile device. This kind of solution meets IT's needs, while allowing users to maintain their personal photos, e-mail and other info outside of IT's control.
'Harmony' Between Control, Satisfaction
Samsung said its separation uses SE Android and file-system-level encryption. Users can access the Knox container via a home screen icon, and therein access enterprise applications -- e-mail, a browser, contacts, calendar, file sharing, collaboration, CRM and business intelligence apps. With Knox, existing Android apps can automatically gain enterprise integration and validation, and Samsung said it allows companies to avoid developing individual enterprise features, such as FIPS compliant VPN, on-device encryption, Enterprise Single Sign On, Active Directory support and Smart Card-based multi-factor authentication.
JK Shin, president and head of Samsung's IT and Mobile Communications Division, said in a statement that businesses are "understandably" raising security and privacy issues as barriers to BYOD, while users want to use their own devices. He said that the Knox solution combines "the business and personal in a single device," achieving a "harmony between enterprise control and employee satisfaction."
BlackBerry's solution, called BlackBerry Balance, similarly separates and secures work and personal information. Apps and data from an organization are restricted from being accessed by personal apps, and vice versa. IT can remotely wipe all information on the device, or just work-related information.
'Makes Sense in Theory'
Laura DiDio, an analyst with Information Technology Intelligence Consulting, said the separation of work and personal info and apps on the same mobile device "makes sense in theory," but it needs to be backed up by clear company policy and procedures. Part of the reason for this need for accepted practices, she said, is because of what ITIC's research has shown -- "the walls between personal and business information are coming down."
She also pointed out that, while containerization has been around a while, this approach by Samsung and BlackBerry supports the trend toward "self-service IT," where users, once the policies have been made clear, can make some of the decisions about what data remains personal. This approach "is easier for app developers to implement," DiDio said, but it also has to be "easy for users and administrators."