Tom Kemp's Centrify Blog

What is Samsung KNOX?

Monday, February 25, 2013

Samsung KNOX

As I discussed in my last blog post, Centrify announced today at Mobile World Congress that Samsung Electronics Co, Ltd., has selected Centrify to provide key enabling technology for Samsung's next generation Android-based platform, called KNOX. This new OEM partnership between Samsung and Centrify will embed Centrify's Active Directory-based mobile security and cloud identity technology on tens of millions of Samsung devices. In this blog post I want to discuss in a bit more detail what is KNOX and the technology Centrify is adding to it.

Samsung KNOX is a new Android-based platform designed from the ground up with security in mind to address the shortcomings of the current open source Android platform. The KNOX platform retains full compatibility with Android and the ecosystem while engineering fundamental security and management enhancements. All of these advantages make KNOX the perfect choice for both regulated and general enterprise environments. The KNOX Platform leverages hardware-level features to provide enhanced security to protect the operating system and complies with US Government and Department of Defense (DoD) initiatives and standards for mobile device security (i.e. FIPS), enabling its use in government and other highly regulated enterprise environments. One of the central features of KNOX is its container technology that provides the separation of your work and personal life on your mobile device.

Samsung KNOX plus Centrify

So what are containers and "containerization"? "Containerization" is about securely separating corporate and business data and apps. Also known as "workspaces" or "sandboxing," containers provide a cleaner separation on a mobile device between work and play. So even in the case that the device itself has no unlock passcode and no corresponding security policies, the secure container of business apps on the phone cannot be accessed unless the appropriate passcode is entered. And inside the container the user is able to share data between business apps (e.g. copy and paste text from an email into a CRM record), but corporate IT would of course not want data inside the container copy-and-pasted onto a non-container app such as Twitter or Facebook — i.e. data leak prevention. And of course corporate IT should have the ability to wipe the container if the device is lost or the employee leaves the organization, but not delete music, photos, personal apps, etc. that the employee put on the phone. Think of it as "virtualization" but for mobile.

Example of a Samsung KNOX Container being managed inside by Active Directory via Centrify. Note ability to create/remove/lock/unlock a Container on the Device.

Example of a Samsung device running KNOX being managed by Centrify. Note ability to create/remove/lock/unlock a Container on the Device.

Key to providing this enterprise capability is seamless "out-of-the-box" integration with an enterprise's existing IT infrastructure that includes Microsoft Active Directory ("AD"). Because of this critical requirement, Samsung decided to partner with Centrify, who is not only the industry leader in integrating AD with data center, cloud and mobile resources, but also can uniquely deliver both mobile authentication (aka Mobile Authentication Services "MAS") and AD-based policy management of containers (aka Mobile Container Management "MCM") and mobile devices (aka Mobile Device Management "MDM") in a single solution. The end result of this partnership between Samsung and Centrify is consumers not only get the right mobile solution for Work & Play and the productivity gains of having 1-click sign-on (aka "zero sign-on") to their enterprise apps, but enterprise IT also gets to leverage existing tools and skillsets to securely manage users' devices and work containers while knowing there is a clean separation of enterprise and personal data.

Want to go beyond Single Sign-on for Mobile and get 1-click

Want to go beyond Single Sign-on for Mobile and get 1-click "Zero Sign-on" to Enterprise Apps? Centrify is the answer and will deliver this as part of Samsung KNOX.

As part of the agreement, Centrify will also help Samsung power the growth of an easy-to-use, developer kit and ISV app ecosystem for Android in the enterprise through the licensing of its Mobile Authentication Services (MAS) Software Development Kit (SDK) into the Samsung for Enterprise (SAFE) SDK Framework. This enables any Android app developer to use this SAFE mobile client SDK within their rich native mobile app to enable "Zero Sign-On" from Samsung's new devices to their cloud based applications. ISVs such as Box, Catch and Onvelop are part of a growing list of ecosystem partners which are in various stages of enhancing their apps using the Centrify MAS SDK to support Zero Sign-On inside Samsung KNOX containers. App developers can learn more by visiting http://www.centrify.com/mas.

So the value of KNOX for enterprises includes:

  • KNOX provides comprehensive security: confidentiality of enterprise data, integrity of mobile platform, authentication and authorization of mobile users
  • KNOX has hardware integrated, defence grade security — from bootloader to applications
  • KNOX provides enterprise ready data isolation between Work and Personal spaces
  • Leverage Centrify technology to be able to use existing management tools and skillsets (e.g. Microsoft Active Directory) to manage KNOX devices and containers — i.e. plugs right into your existing IT infrastructure and no need to go out and buy another management tool

The value for consumers includes:

  • KNOX keeps your personal data secure and separate from Enterprise Data
  • KNOX has a simple and intuitive experience for work and play on the same device
  • Single sign-on to business apps leveraging Centrify
Centrify also provides a powerful web interface to manage Samsung KNOX devices and containers.

Centrify also provides a powerful web interface to manage Samsung KNOX devices and containers.

And the value for partners includes:

  • KNOX has a standard API for partners and ISVs — with backward compatibility
  • Write your Enterprise App once using KNOX API — and target more than 100M devices per year
  • Easily build customized, hardware integrated Enterprise apps for vertical markets

As you can see Samsung KNOX is very powerful technology that will be eagerly accepted by enterprises and users alike. Centrify is very excited about this strategic relationship with Samsung, and we look forward to our technology being deployed on tens of millions of devices and having millions of users rely on our cloud service for SaaS and app single sign-on. I will be providing more details about KNOX and our technology that is embedded as part of it in future blog posts.

< Previous Article: Samsung to OEM Centrify for Single Sign-On and Mobile Management
> Next Article: SaaS Single Sign-on in Action