Samsung Knox: an Overview
Samsung Knox – Consumer
Samsung Knox is a security layer built into Samsung devices that adds an extra layer of security to your personal data and business data.
Bring your own device (BYOD)
In more and more instances, a lot of people are using their own personal phones for work. This is because BYOD policies are getting more and more popular as well as phone prices rising and consumer models becoming more secure.
If you have a Samsung Galaxy phone that’s no older than two years, you most probably have the core Samsung Knox software already on it. It’s part of the Android OS, so it’s not something you can install from the play store. Knox is also built into Tizen on Samsung’s wearables.
What is Samsung Knox?
Samsung Knox is a special security layer found in top-tier Samsung phones that can separate and isolate personal and business user data. You can almost think of it to turn one device into two because of the way it manages apps and the data those apps create, as well as any data you store within them.
As a consumer you can install an app called Secure folder from the play store and this enables you to create a secure space on the device to store business sensitive data. This allows you to copy apps or content to the secure folder which separates it from the consumer side of the device. You will need to create a unique password for the secure folder which is completely different from the device’s lock password (normally you should create a different password to your device lock password).
So, even if someone were able to bypass the lock screen, the Knox secured data would be inaccessible. Samsung do have people who try to hack the software and find weaknesses which Samsung then patch so they’re always testing and patching, which is very important in the digital age we live in now.
Once you enter the Knox-protected area of your device you only have access to a few apps like Phone, Camera, Gallery, My Files, Calendar and a couple of others. You can add other apps to the Knox-protected area which will copy them to the Knox area of the device, which then secures their data from the consumer side of the device.
What do you need for Knox to work?
Knox needs two things in order to work on a consumer device.
1.You need the right device — not all Samsung devices support Knox, and you can see the list of those that do support Knox here.
2.You also need the right software and you can find the Samsung Secure Folder in the Play Store if you use a compatible phone to search for it. It won’t show when you search for it if your device is not compatible.
I’m a consumer, is it worth using Knox?
Knox is a great way to hide files, folders and other content from others who might have access to your device from time to time, like family, friends or colleagues. By placing an application inside Knox Secure Folder, you hide its data unless you know the password, and you can also use the My Files app to secure any file or folder from prying eyes.
You probably wouldn’t want to use Samsung Knox for your daily activities like text messaging or your contacts list, although you could if you want to. Anything you think is a bit sensitive for example, like a document with all your account credentials on, Knox is a perfect way to secure them.
Using Knox in an Enterprise environment
There are essentially two device setups you can use for using Knox in an enterprise deployment scenario.
1.Work Profile – Enterprise
A work profile splits the device into two completely separate areas like the consumer Secure Folder. You navigate between the two areas by opening the Knox App and entering your password. Again, this password is unique and separate from any other passwords you use like your unlock password to get into your device.
However, this is different to the secure folder as your company admin managed it and can push apps, wallpapers and other things like password policies down to the work profile.
2.Kiosk Mode – Enterprise
This mode allows you to tie multiple devices to the one uniform screen which may contain a business wallpaper with branding, a couple of apps and system areas of the device like settings which lock out the end user. This is ideal for setups like mpro5’s time and attendance module which we use with tablets on wall mountings.
Although Enterprise-level programs exist from both Apple and Google, Samsung Knox is the easiest to use and manage.
There’s also a third important component that can be used for Enterprise management — Enterprise Edition (EE). EE devices come with a solution called Knox Configure – the price of the device includes this.
It’s a solution that an IT department can use to manage the Knox layer on their device estate that are part of the company’s web server (portal). It’s a cloud-based management solution built to work with Knox and a turn-key secure platform. You can learn more about it here and if you’re an IT professional looking for a multi-device management solution in the UK then you can talk to a representative from here.
Knox has 50+ certifications in 10+ countries for use in government installations in the following countries: UK, US, Finland, France, Kazakhstan, Netherlands, Spain, Russia, Germany, China and South Korea. It’s also FIPS 140-2 and ISCCC compliant in specific configurations. This means that organisations like the U.S Department of Defence think Knox is safe enough for its employees to use. That means it’s also safe enough for you.
For more information on this please see here.
There are several solutions that work together with Knox below:
I will keep these descriptions short as there’s a lot of content for each of them. I will provide a link for each solution.
Knox Configure (KC)
KC allows you to make core changes to your devices out of the box. You can load contacts, apps, the home page layout, wallpapers, boot animations and configure the enrolment page onto your devices as just a few examples. For a more comprehensive read please see here.
Please note: your re-seller will need to upload the device Serial numbers onto the Configure portal for you to be able to implement.
Knox Mobile Enrolment (KME)
KME effectively ties a device to your Knox Manage solution.
So, once the re-seller finished uploading the devices to the KME portal, the device will know it’s owned by your organisation when it connects to the internet. You will then be able to load a list of users and passwords and then link it to a Knox Manage profile. This means when it boots and starts the enrolment process, it will auto input the username and password to your Knox Manage solution and then loads it into the Knox Manage profile that you create which could be a full lock down or a staging area.
For a more comprehensive read please see here.
Knox Manage (KM)
KM allows you add lock downs profiles of all sorts of configurations to your devices. This also allows you to remotely connect and control the device estate which is a great support solution. You can also make changes and push them down in real time to multiple or individual devices.
For a more comprehensive read please see here.
This solution allows you to version control the Operating Systems of your device estate, this does not link to just one portal either, it just links to the devices themselves. So, if you manage multiple tenants or customer portals, you can version control them all from one E-Fota portal.