Samsung introduced KNOX at the 2013 Mobile World Congress (MWC). It is a secure app and data container for Samsung mobiles, backed by hardware, enabling businesses to run apps that are isolated from a user’s personal apps (which might include badly behaved or even malicious apps). Data is encrypted so that business secrets are safe if the device goes astray.
The core of Knox is a hardware process called TIMA (Trustzone Integrity Measurement). This checks for tampering in the core operating system (trusted boot) and sets a tamper bit if it detects a problem. The tamper bit cannot be set in software alone.
A device with KNOX activated can be flipped between personal and business (KNOX) personalities. It is like having two smartphones in one. Whether this is a desirable approach is up for debate, but it does secure business apps and data.
We did not hear much about KNOX after last year’s MWC. It was released a few months later, but snags included limited device support (only the latest Samsung devices), the need to prepare apps with a special KNOX wrapper before they could be used, and the need to hire a Samsung partner like Centrify to provide administration tools.
All that has changed following last night’s announcement of the next generation of KNOX. Highlights:
Most apps can now be installed in KNOX without any special wrapper
You can use a third-party container such as Good, Fixmo Safezone, or MobileIron AppConnect in place of the KNOX container, but still using KNOX hardware protection.
Two factor authentication (for example requiring a fingerprint swipe as well as a password to access a KNOX container)
KNOX supports Microsoft’s workplace join (a kind of lightweight domain join) for secure access to Microsoft network resources.
Samsung has introduced a cloud-based Mobile Device Management (MDM) tool called KNOX EMM (Enterprise Mobility Management). This runs on Microsoft’s Azure platform and integrates with Azure Active Directory (which can itself link to on-premise Active Directory) so that small businesses on Office 365, or large businesses which prefer a cloud tool, can manage both Knox and other devices. EMM is primarily aimed at SMEs but apparently can scale up without limit.
EMM will also support non-Samsung devices.
EMM includes an app marketplace allowing businesses to purchase and deploy apps. The example we were shown was the Box cloud storage service.
Availability is promised for the second quarter of 2014.
- Windows Phone 8 enterprise security versus Blackberry 10 Balance and Samsung Knox
- Microsoft takes aim at VMware, talks cloud and mobile device management at MMS 2013
- Power shifts at Mobile World Congress: Samsung rises, Apple absent, Google hidden, Microsoft missing
- Microsoft’s Azure Mobile Services: node.js and more in beginnings of easy cloud to device development
- The Samsung i600 and Windows Mobile