Samsung and Google's vision is to make Android #1 in enterprise. Android for Work managed profile implementation will always run best on a Samsung device, and the highest level security on any Android device is built on the hardware-based KNOX Platform.
2. Prime directive
The Samsung and Google vision is to
make Android #1 in enterprise by
showing customers how they win with
a “No Fruit Diet.”
• AfW managed profile implementation will
always run best on a Samsung device.
• The highest level security on any Android
device is built on the hardware-based
KNOX Platform.
“If it’s on Android, it
runs best on Samsung.”
3. If you’re serious about protecting your enterprise data,
Samsung is the best choice
4. Samsung: best available security experience
OEM Security Implementation
Android for Work is a
program to deliver security
guidance to OEMs
Samsung devices are the
most secure AfW devices
out of the box because of
the Samsung KNOX
platform.
For customers who want
data separation, KNOX
Workspace is the most
secure solution.
Data Separation
OEM
1
OEM
2 OEM
3
AfW
managed
profiles
5. Samsung KNOX platform lets you choose how to separate work and personal
AfW
managed
profile
KNOX
Workspace
Work Profiles • Built-in
productivity tools
APIs for application and policy
management
Container • Private App Store
• Secure Sideloading •
Native Productivity Tools
Extensive, fine-grained control
for application and policy
management
“Samsung KNOX Platform protects you from the moment you turn the device on”
✓ ✓
✓
✓
✓
✓
Factory-installed
KNOX Platform:
• Secure Boot
• Trusted Boot
• ODE
• Enhanced TIMA
• CCM
• Keystore
• Encrypted
Workspace
• SE for Android
6. Only KNOX Workspace delivers the full set of advanced security features
Defense-grade
security for
regulated
organizations /
industries
COPE / BYOD
Corporate-liable
requirements
Advanced
management and
granular control
Vertical-specific
requirements
1 2 3 4
7. Defense-grade security for
regulated organizations/industries
Hardware-based security:
• KNOX delivers hardware-rooted
chain-of-trust.
• KNOX restricts app access to only
required data and resources using an
isolation architecture on files and services
• On activation, KNOX Workspace adds
another layer of device integrity.
• Internationally recognized certifications:
1
8. COPE & BYOD / Corporate-liable requirements
• Support Corporate-Owned Personally-
Enabled (COPE) and BYOD devices
with device-wide protection.
• Support separate isolated
containers for the most sensitive
data and apps.
2
Support one or both.
9. Advanced management
and granular control
Advanced VPN support:
• Per-App, Device-wide, Always-On,
On-Demand
• VPN chaining
• Blocking routes
Robust IT policies:
• KNOX has 600+ policies
• and 1500+ APIs
More flexibility and control:
• Mobile Enrollment
• Split Billing capabilities
• Doesn’t require a Samsung or Google account
• Cloud services and on-premises services
3
10. Vertical-specific requirements:
• Contractors can isolate data from
multiple enterprises.
• Users can share a device and own
individual containers.
• Enable kiosk (container-only mode) for
POS solutions.
• Support Bluetooth, NFC and USB
inside the container to connect to
various peripherals.
4
11. Things to remember
• The best Android solutions run on Samsung.
• Data separation solutions run best on the Samsung KNOX security
platform.
• For heightened security, KNOX Workspace is the best available
data-separation solution.
Android – top level
Central Samsung device, spits in two
Show foundation
Samsung is the best and most secure experience. Start with the foundational elements
ODE – on device encryption
Samsung opens the door to two great options ….
Certified for government standards.
KNOX certifications include:
FIPS 140-2
MDFPP certified
US DISA FSO STIG 2.0 approval
Australian Signals Directorate (ASD)
FICORA (Finland)
UK CESG
Per-App VPN Applies to a specific group of apps.
Device-wide VPN Prevents data-leakage across all users/profiles/containers and used to meet government mobile device certification requirements.
Always-On VPN Connects on device boot and reconnects automatically.
On-Demand VPN Reduces battery usage and server load.
VPN chaining Encrypts twice. <correct? Or adds second encryption>
Blocking routes Prevents data leakage if a mandatory VPN connection drops.