Samsung released the Galaxy S4 earlier this month. One of the main security features it comes with is called ‘Knox’ (which is a new upgrade to SAFE – see bootnote). This is Samsung’s in-house proprietary security BYOD solution that separates your personal data from your business/enterprise data (including accounts and apps and app data) into encrypted containers.
Knox isn’t for the consumer though – just as Balance on the Z10 and Q10 devices isn’t for BlackBerry consumers. It’s aim is IT departments who want to manage BYOD policies – note here, Knox doesn’t currently run on Android tablets. The user only has to switch from personal to the business account at the tap of a button (it also has it’s own home screen, launcher, app and widgets). This means you don’t have to reboot the Android device. This is a cool feature.
The personal data cannot be accessed by the IT department either (and the container encrypts the data) good news if you don’t want the company you work for knowing everything about your private life! Another interesting feature is that if you install an app in your personal account, the app will be unable to read or write data from the enterprise/business container.
The main security features of SAFE
Platform security is essential and Knox comes with secure boot on ARM TrustZone based security architecture (not to dissimilar to what Windows 8 uses with ‘Trusted Boot Process’) and also run SE (security enhanced) Android, which is a security-enhanced Android. There is also app security to consider. This includes the Knox Container environment (sandboxes) previously mentioned above. This is what separate the personal and business/enterprise data. Further to this there is an encrypted file system and on-demand FIPS-certified VPN connectivity.
One criticism I have with the personal/business balance is (this is applicable to Blackberry and Samsung) is that these BYOD solutions don’t solve who pays for the data usage/roaming. The carriers would beed to be involved in this as they would need to work out two bills for the personal/business balance based on one mobile number. This is unlikely to happen soon, given the technical and obvious cost issues.
Finally, for those of you who use other devices in the Galaxy range for example in your jobs, the IT departments will be notifying you that you will be receiving the upgrade SAFE Knox feature in Q2/3 of this year.
Safe surfing folks!
Bootnote: Samsung For Enterprise (SAFE) offers Microsoft ActiveSync support for email and calendaring, on-device encryption (256-bit), VPN support (Cisco’s and Juniper’s), and APIs for Mobile Device Management (MDM) products, supported by the likes of MobileIron, Sybase Afaria, Zenprise, SOTI and AirWatch. Those APIs enabled almost 340 IT policies, which is pretty impressive.