Active Directory-based authentication, access control and role-based privilege management for Windows, Linux & UNIX
Standard Edition + privileged user auditing
Enterprise Edition + encryption of data-in-motion and server isolation
Any Edition + single sign-on for SAP, Apache and J2EE/Java applications
Single sign-on for cloud apps + mobile device supportMac Edition
Active Directory-based authentication and Group Policy management for Macs + mobile device supportPremium Edition
SaaS and Mac Editions + mobile device supportCentrify for Samsung KNOX
Active Directory-based SSO, MCM and MDM for KNOX-enabled devices
Monday, February 25, 2013
As I discussed in my last blog post, Centrify announced today at Mobile World Congress that Samsung Electronics Co, Ltd., has selected Centrify to provide key enabling technology for Samsung's next generation Android-based platform, called KNOX. This new OEM partnership between Samsung and Centrify will embed Centrify's Active Directory-based mobile security and cloud identity technology on tens of millions of Samsung devices. In this blog post I want to discuss in a bit more detail what is KNOX and the technology Centrify is adding to it.
Samsung KNOX is a new Android-based platform designed from the ground up with security in mind to address the shortcomings of the current open source Android platform. The KNOX platform retains full compatibility with Android and the ecosystem while engineering fundamental security and management enhancements. All of these advantages make KNOX the perfect choice for both regulated and general enterprise environments. The KNOX Platform leverages hardware-level features to provide enhanced security to protect the operating system and complies with US Government and Department of Defense (DoD) initiatives and standards for mobile device security (i.e. FIPS), enabling its use in government and other highly regulated enterprise environments. One of the central features of KNOX is its container technology that provides the separation of your work and personal life on your mobile device.
So what are containers and "containerization"? "Containerization" is about securely separating corporate and business data and apps. Also known as "workspaces" or "sandboxing," containers provide a cleaner separation on a mobile device between work and play. So even in the case that the device itself has no unlock passcode and no corresponding security policies, the secure container of business apps on the phone cannot be accessed unless the appropriate passcode is entered. And inside the container the user is able to share data between business apps (e.g. copy and paste text from an email into a CRM record), but corporate IT would of course not want data inside the container copy-and-pasted onto a non-container app such as Twitter or Facebook — i.e. data leak prevention. And of course corporate IT should have the ability to wipe the container if the device is lost or the employee leaves the organization, but not delete music, photos, personal apps, etc. that the employee put on the phone. Think of it as "virtualization" but for mobile.
Key to providing this enterprise capability is seamless "out-of-the-box" integration with an enterprise's existing IT infrastructure that includes Microsoft Active Directory ("AD"). Because of this critical requirement, Samsung decided to partner with Centrify, who is not only the industry leader in integrating AD with data center, cloud and mobile resources, but also can uniquely deliver both mobile authentication (aka Mobile Authentication Services "MAS") and AD-based policy management of containers (aka Mobile Container Management "MCM") and mobile devices (aka Mobile Device Management "MDM") in a single solution. The end result of this partnership between Samsung and Centrify is consumers not only get the right mobile solution for Work & Play and the productivity gains of having 1-click sign-on (aka "zero sign-on") to their enterprise apps, but enterprise IT also gets to leverage existing tools and skillsets to securely manage users' devices and work containers while knowing there is a clean separation of enterprise and personal data.
As part of the agreement, Centrify will also help Samsung power the growth of an easy-to-use, developer kit and ISV app ecosystem for Android in the enterprise through the licensing of its Mobile Authentication Services (MAS) Software Development Kit (SDK) into the Samsung for Enterprise (SAFE) SDK Framework. This enables any Android app developer to use this SAFE mobile client SDK within their rich native mobile app to enable "Zero Sign-On" from Samsung's new devices to their cloud based applications. ISVs such as Box, Catch and Onvelop are part of a growing list of ecosystem partners which are in various stages of enhancing their apps using the Centrify MAS SDK to support Zero Sign-On inside Samsung KNOX containers. App developers can learn more by visiting http://www.centrify.com/mas.
So the value of KNOX for enterprises includes:
The value for consumers includes:
And the value for partners includes:
As you can see Samsung KNOX is very powerful technology that will be eagerly accepted by enterprises and users alike. Centrify is very excited about this strategic relationship with Samsung, and we look forward to our technology being deployed on tens of millions of devices and having millions of users rely on our cloud service for SaaS and app single sign-on. I will be providing more details about KNOX and our technology that is embedded as part of it in future blog posts.