As bring your own device (BYOD) policies become more and more popular with enterprises and their employees, issues related to data security and confidentiality become more and more important. In the past, Android has generally been seen as a less secure platform than either iOS or Blackberry, but this might just be about to change if Samsung has its way with its new security service, KNOX.
Samsung KNOX is a high-level security system that aims to make Samsung smartphones as enterprise-ready as competing offerings from Apple and Blackberry. What KNOX does is it creates a separate instance of Android on your phone that is protected via a multitude of security features.
This instance, the KNOX Container, is completely separate from your personal space, and the two never come into contact. Your business data and apps will thus be protected from leaks, as well as in the case of phone loss or theft.
KNOX isn’t available as an .APK or a download from the Play Store. So, if your device doesn’t come pre-installed with KNOX, you’ll have to download and install Samsung’s Android 4.3 Samsung Premium Suite, which will add KNOX support.
If you haven’t gotten this update yet, you can check for it by going to Settings > More > About Phone > System Update > Check for Updates.
Once you have downloaded and installed the Android 4.3 update, you will find a KNOX icon in your app tray. Tap on it and you’ll be asked to download and install the KNOX app itself.
With KNOX downloaded and installed from the app tray icon, you will be asked to set a password and PIN number for your container.
KNOX’s Security Features
As a separate Android installation, the KNOX Container has its own homescreen, apps, widgets and data. It also has security-related limitations – you can’t take screenshots while in KNOX – and there is support for mobile device management (MDM) suites such as AirWatch and Fiberlink. This support will allow device administrators to determine the apps and functions that can be used within the KNOX Container.
All the data within the KNOX Container is encrypted using the Advanced Encryption System (AES) algorithm with a 256-bit key. In addition to this encryption, KNOX also has three additional security features:
- Customizable Secure Boot – manages the apps that start on boot,
- Security Enhancements for Android – isolates data and apps
- TrustZone-based Integrity Measurement Architecture (TIMA) – secures the device’s kernel.
There are 2 ways to access the KNOX Container from your personal Android space. You can either tap the KNOX icon in your app tray or swipe down the Notifications Bar and access it via the notification bar icon – Tap to start.
The first time you log in, you’ll be prompted to enter the password you set when you installed KNOX. KNOX has a password timeout feature (customizable in the Settings menu) which lets you skip re-entering your password if you have to switch between KNOX and your personal space in quick succession.
To log out, you can tap the Personal icon in the lower left corner of the KNOX homescreen, or you can swipe down the Notifications Bar and tap on the KNOX icon, which will say Tap to exit.
The KNOX Container comes with some pre-installed apps such as Camera, Email, Internet and S-Planner. Samsung also has a special KNOX-specific app store, "Samsung KNOX apps". Here, you can find KNOX-compatible versions of popular apps such as Dropbox, OfficeSuite Viewer 7, Evernote, Box and others. See the full list of apps here.
All of these apps will only function in the KNOX Container, and will stay separate from the apps in your personal space. This means that any data entered into or captured with any of these apps will only be accessible within KNOX.
You can also add shortcuts for any of these KNOX apps onto your personal homescreen, for quick access without first switching over to the KNOX Container.
There are a few limitations to KNOX:
- KNOX is only available for Samsung devices that get the Android 4.3 Samsung Premium Suite Upgrade.
- If you have rooted your Samsung device, it’s best to skip using KNOX. It will detect if your phone has been rooted, and if it has, KNOX will void your warranty. It is part of the design to protect your sensitive business data.
- The applications available in the Knox app store are also somewhat limited.
Overall, Samsung’s KNOX is an interesting and useful security solution that will appeal to enterprise owners as well as their employees, particularly those operating in a BYOD environment. Its KNOX Container will ensure that work and personal data do not mix, and the various security features will help ensure that the data remains secure in any eventuality.
If the features and functionality of KNOX are anything to go by, it looks like there’s now a new player in the enterprise-ready mobile device market.