Samsung KNOX - The Most Secure Android Solution
•Download as PPTX, PDF•
5 likes•4,079 views
Our approach to security and management addresses real-world challenges that enterprises are faced with when it comes to mobility solutions. Most enterprises are offering a BYOD or COPE program today. And Android devices are heavily in demand by business users – in fact IDC estimates that this year, Android will sell more phones in business segment than Apple will sell in total. And yet, there is a clear division of what is important to business users and IT when it comes to mobility. IT wants devices that: Provide strong security and control Integrate easily with existing infrastructure Keep deployment, maintenance and upgrade costs low Users, on the other hand, want devices that: - Make me productive - Protect my privacy - Give me a wide choice of features In many cases, these requirements are working against each other. That is what makes KNOX so valuable in enterprise scenarios. Using KNOX, you get the best of both worlds – the security and control IT is looking for and the sleek design, productivity, and cutting edge features that users want in Galaxy smartphones and tablets.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (19)
Similar to Samsung KNOX - The Most Secure Android Solution
Similar to Samsung KNOX - The Most Secure Android Solution (20)
More from Samsung Biz Mobile
More from Samsung Biz Mobile (9)
Recently uploaded
Recently uploaded (20)
Samsung KNOX - The Most Secure Android Solution
- 1. The most secure Android solution
- 2. 2016 enterprise mobility trends Android adoption in business continues to grow IT and user mobility needs do not easily align User Productivity Privacy Choice IT Security Integration Low cost * Leading analytics firm Android’s dominance is expected to grow to 82% of all phones by 2019.*
- 4. KNOX is Samsung’s defense-grade mobile security platform built into our new devices making them the most secure Android devices available. KNOX Platform Real-time device protection from the moment you turn it on
- 5. KNOX Workspace defense-grade container • Isolate, encrypt, and protect corporate data. • Defense-grade, dual persona container. • IT control of security of corporate data and resource access. • Personal information controlled entirely by user.
- 6. KNOX Cloud Solutions (KNOX Express and KNOX Premium) My KNOX KNOX Workspace KNOX Customization SMB Enterprise, Government and other verticals Security and productivity for all business users Individuals KNOX platform KNOX Enabled App
- 7. KNOX maximizes Android security Key differentiators: • Defense-grade, hardware anchored security • Fully enterprise-ready • Cost control and ease of deployment • Best end-user experience Enterprise-ready Deep IT Integration/support and best end-user experience Application security Secure app access and data protection Device security Secure hardware design and manufacturing with boot, load, and run-time defenses
- 9. What’s new in KNOX? Key features in KNOX 2.6 Increased end user productivity Industry-leading Android for Work support and integration A more powerful partner ecosystem Advanced security Granular management for tighter control
- 10. Industry-leading Android for Work support and integration Google Play for Work support KNOX Workspace supports Google Play for Work for better IT app deployment and employee app discovery and download. Android for Work hardened by KNOX Android for Work managed profiles now integrates deeper into the KNOX platform for boot and run time protections, enhanced encryption, and improved security.
- 11. Advanced security KNOX Mobile Enrollment improvements More safety measures protect the process of bulk enrollment of devices from network attacks. VPN HTTP Proxy Authentication HTTP Proxy configurations over VPN for KNOX Workspace now support proxy authentication. Kernel address space layout randomization The KNOX platform now ensures that the memory address of kernel data structures and code are randomized from one device to another. Enhanced Real-time Kernel Protection (RKP) RKP monitors some critical kernel data structures to verify that they are not exploited by attacks. This feature extends RKP security to Namespace Data Structure protection.
- 12. Increased end-user productivity Multi Window support for KNOX End users now can use apps in KNOX Workspace alongside apps outside KNOX Workspace. Enable speech-to-text in KNOX Workspace End users can use Google Voice with apps inside KNOX Workspace. Clipboard / copy and paste outside to inside IT admins now can allow end users to copy/ paste from outside KNOX Workspace into KNOX Workspace.
- 13. Granular management for tighter control Trust Anchor Management On BYOD devices used for play and work, the end user and IT admin can choose to trust different sets of Certification Authority (CA) certificates. Data Loss Prevention (DLP) Enables IT admins to enforce tighter policies on the KNOX container and its apps to restrict and prevent enterprise data loss or leakage. Per-app roaming control Now IT admins can control which apps are allowed to use mobile data when the user is connected to a roaming network.
- 14. A more powerful partner ecosystem KNOX Enabled Apps enhancements Enhancements to KEA give app developers increased flexibility. KNOX Customization SDK App developers gain the ability to customize apps for Standard and Premium SDKs. Attestation API Developers can use this to determine whether a device is secure enough to enable their app to run.
- 15. KNOX works on many Samsung devices 30+ Samsung models supported in countries around the world
- 17. Wide support from leading MDM vendors Strong community of MDM partners makes it possible to quickly enable KNOX in any enterprise Key partners integrate their own secure containers with KNOX platform 3rd party container MDM
- 18. Ecosystem of enterprise solution partners Business Apps VPN Smart Card/CACAuthentication Secure Voice/SMS Enterprise Billing Advanced Mobile SecurityIAM/SSO
- 19. The most secure Android – only with Samsung Supports any business user on innovative, widely adopted Samsung devices. Meets the security requirements of IT and productivity needs of users – maximizing Android security and productivity. New features supported with our latest devices, including the Galaxy S7, S7 edge, S6, S6 edge, S6 edge+ and Note 5. For more information visit www.samsungknox.com
Editor's Notes
- Today we are going to give you an overview of our latest advancements with Samsung KNOX, the most secure Android solution – delivered through the most popular Android device manufacturer, Samsung
- Our approach to security and management addresses real-world challenges that enterprises are faced with when it comes to mobility solutions. Most enterprises are offering a BYOD or COPE program today. And Android devices are heavily in demand by users. Eight of every 10 phones on the market are Android devices, and that trend is expected to hold steady through to 2019. And yet, there is a clear division of what is important to business users and IT when it comes to mobility. IT wants devices that: Provide strong security and control Integrate easily with existing infrastructure Keep deployment, maintenance and upgrade costs low Users, on the other hand, want devices that: - Make me productive - Protect my privacy - Give me a wide choice of features In many cases, these requirements are working against each other. That is what makes KNOX so valuable in enterprise scenarios. Using KNOX, you get the best of both worlds – the security and control IT is looking for and the sleek design, productivity, and cutting edge features that users want in Galaxy smartphones and tablets.
- Samsung manufactures and configures its devices in its own factories, which gives Samsung total control over the state of the device software leaving the factory. From the hardware root of trust to the Android framework and all the layers in between, Samsung KNOX has security and protection measures in place. • Device integrity to ensure devices have not been compromised at any point from manufacturer to user. • Trusted boot process to guarantee that the precise, full set of allowed software is loaded and run. • Corporate data security to keep strict separation and isolation of personal and corporate applications and data. • Enterprise-ready features, such as SSL VPN support, On-Device Encryption, and Single Sign-On, to meet mobile security compliance requirements. With Samsung KNOX you get real time device protection from the moment you turn on the device. From the hardware root of trust to the Android framework and all the layers in between, Samsung KNOX has security and protection measures in place.
- KNOX Workspace is a defense-grade dual persona container product designed to separate, isolate, encrypt and protect work data from attackers. This work/play environment ensures work data and personal data don’t mix and that only the work container can be managed by the company. Personal information such as pictures and messages are not managed or controlled by the IT department. The KNOX Workspace product is tightly integrated into the KNOX platform when activated.
- Samsung offers solutions built on the KNOX platform to meet the needs of any industry or organization type. Samsung also offers protection for third-party apps with the KNOX Enabled App container solution. KNOX solutions deliver security for individual users (My KNOX), for SMB organizations (KNOX Express and KNOX Premium) that need cloud-based options to reduce administrative overhead, and for enterprises and governments (KNOX Workspace) that require highly customized and locked down mobility solutions (KNOX Customization).
- As the clear leader in security and enterprise readiness among all Android OEMs, Samsung KNOX builds on Android to deliver a comprehensive security solution that addresses these real-world issues for the most demanding enterprise customers. The most secure Android solution is delivered by Samsung, on Samsung devices with KNOX. Key differentiators include: Defense grade, hardware anchored security foundation Hardware to application level security – Security measures in every layer of the Android stack and Samsung device hardware OEM controlled (e.g. root key and certificates) Internationally recognized certifications including: FIPS* 140-2 : US Federal Gov’t Requirement (Nov, 2011) DISA* STIG* : US DoD Security Requirement (May, 2013) Common Criteria* MDFPP* : Requirement to access US classified information (Feb, 2014) DISA* Approved Product List : Approved Mobile Product in US DoD systems (Jun, 2014) CSFC* List : the only Approved mobile product to access US classified data (Sep, 2014) ISCCC : Security solution certificate by the China Information Security Certification Center (December 2015) ANSII: First level security certification from the French national security agency (December 2015) Ensures that system software is authentic (come from a trusted source and it is not been modified) Fully enterprise-ready: Extensive support and integration with popular IT solutions Deeper integration with key MDM solutions Wide range of VPN support (Cisco, F5, Juniper, Strongswan, Mocana, etc..) Single Sign On (Microsoft, Kerberos, CA, Centrify, More to come vs google set of services only) Rich integration with Exchange email (certificate based authentication) Microsoft AD for container login Cost control and ease of deployment Enterprise billing capabilities Bulk enrollment of devices with KNOX Mobile Enrollment The best end user experience Familiar and intuitive experience for apps with options for preferred UI layout (e.g. folder view that makes it even more seamless/easy to access work apps) Many of the great Samsung device end user security and productivity features (e.g. multi-tasking, fingerprint scanner, S-pen, keyboard case accessory) work with KNOX Details on Certifications below: -------------------------------------------- FIPS 140-2 National Institute of Standards and Technology (NIST) publication FIPS 140-2 defines security requirements for cryptographic modules. Samsung Kernel Cryptographic Module (Cert #1915) Samsung Kernel Cryptographic Module (Cert #2214) Samsung devices also make use of FIPS certified cryptography ... Certification UK CESG CESG is the National Technical Authority for Information Assurance within the UK. CESG has published the following End User Device (EUD) security guidance for Samsung devices. Samsung Devices with Android 4.2 Samsung devices with KNOX Samsung devices with KNOX 2.x Additional resources Samsung KNOX ... Certification Common Criteria Common Criteria certification that complies with the Protection Profile for Mobile Device Fundamentals. ... with KNOX 2 Samsung has obtained the following Common Criteria certification that complies ... Certification Australian Signals Directorate ASD has published the following announcement endorsing the Protection Profile for Mobile Device Fundamentals as well as recognizing evaluations against this Protection Profile. Samsung Galaxy Devices with Qualcomm Snapdragon Processors including the Galaxy S4, Galaxy Note 3, and the Galaxy NotePRO ... Certification Finland Finnish Communications Regulatory Authority (FICORA) has successfully evaluated Samsung Knox against protective level IV defined by the Finnish Security Auditing Criteria (KATAKRI II).-8 ... Certification U.S. Department of Defense (DoD) The DoD Defense Information Systems Agency ’s (DISA) Field Security Office (FSO) publishes Security Technical Implementation Guide (STIG). Samsung has obtained approval for the following STIGs. Samsung Android (with KNOX 1.0) STIG Version 1 Zip file Checklist details Samsung Android (with KNOX 1.x ...
- Samsung continually updates the KNOX portfolio to address requirements for enabling secure mobility in a way that satisfies IT’s need for control, while also bolstering worker productivity. We’ve just released several significant updates that we’ll cover in the next few slides, but the value these new capabilities provide help organizations capitalize on the potential offered by Android 6.0 Marshmallow. We’ve grouped these features into five key themes that we’ll address over the next few slides…
- In KNOX 2.4 we introduced support for Android for Work, allowing users to install both services on their devices without any conflict. In KNOX 2.6 we’ve further augmented that support with deeper integration between KNOX and AfW. Google Play for Work inside KNOX Workspace: Allows Enterprises/IT admins to perform app management (silent install/uninstall, whitelist/blacklist) using Google Play for work inside KNOX workspace. Play for work shows filtered list of apps for the users to download. AfW hardened by KNOX: By default, the Managed Profile on a Samsung device now benefits from KNOX as follows: - Access to the Managed profile is contingent on the integrity of the device - Sensitive Data Protection can be utilized by apps inside managed profile without any need for additional license activation - Managed profile uses TIMA Keystore for storing certificates by default - Certificates are stored, by default, in the TIMA Keystore - Exposes and uses Secure Data Policy APIs for AfW apps
- Our priority around KNOX 2.6 was to reinforce our already robust platform and address potential vulnerabilities. KNOX products and services continue to evolve to address new mobile security threats. We’ve improved the security around KNOX Mobile Enrollment to address network and enrollment time vulnerabilities. These include certificate pinning and mutual authentication of network requests made from the device to the Samsung Mobile Enrollment server. For KNOX Workspace, HTTP Proxy configurations over VPN now support proxy authentication via NT LAN Manager and basic authentication. The NT LM provides a suite of authentication and session protocols for HTTP Proxy over VPN. We’ve also enhanced real time kernel protection, which monitors critical kernel data structures to verify they are not exploited by attacks. It also prevents access to privileged mode and prevents privileged folders from being moved to a different location. This new enhancement extends RKP protection to the Security Data Structure and Namespace data. With kernel address space layout randomization (or KASLR), we’ve randomized and obfuscated the address space layout of kernel modules and data. Attacks on kernel data structures in part depend on determining the address of the data the attackers wish to modify. On devices without KASLR, the data structures are identical, making it an easy job for attackers. KASLR protects and reinforces the KNOX platform by randomizing the memory address of kernel data structures and code.
- KNOX Workspace supports key productivity features for more seamless work and personal interactions. Our new Multi Window support means end users can view a video on the personal side of their device, while taking notes on an app inside the container. Google Voice now works on apps inside the KNOX Workspace container, allowing users to dictate speech into text. And IT admins can now set permissions to allow users to copy and paste text from outside the KNOX Workspace into apps inside the KNOX Workspace container. Copying from the container to the personal space remains restricted, keeping confidential data confidential.
- We’ve created more tools for IT admins to manage apps and data on devices including policies to enforce security updates and other app controls. Trust Anchor Management allows IT admins and end users to choose different sets of CA certificates on BYOD devices. This provides both groups with the freedom of choice to control their own space. IT can now also determine which apps are allowed to use mobile data when a device is connected to a roaming network. This ensures that a user’s personal apps don’t use enterprise mobile data during business travel, helping manage costs. We’ve added Data Loss Protection, a set of policies and associated APIs that enables enterprises to enforce file and document management policies for apps in the container. These include expiration dates, forwarding rules, app whitelisting and more. What this means is if a user downloads and stores an email attachment using an email app in the KNOX container, they will not be able to forward that attachment to their personal email. This helps enterprises have tighter control of their content, and helps mitigate human error or data breaches.
- And also in KNOX 2.6 we’ve created more tools to better enable our ISV, SO and MDM partners to build secure and custom solutions for their customers. Enhancements to KNOX Enabled App have been designed to give developers more flexibility. New features include user access to internal memory in personal mode, and the ability for users to save app data and settings when an app is upgraded to KEA. We’ve upgraded the KNOX Customization SDK to allow for even more customization capabilities. This includes enhanced system control to add or remove widgets and shortcuts to the home screen, auto-boot on power-on, add or remove items from the status bar, and allow removal of the Edit button. Partners may also add items in Settings for Professional Kiosk mode. In addition, the new Attestation API enables ISVs and individual developers to establish an attestation server with an attestation-only license. This allows them to determine device functionality before proceeding with the sensitive functionality of the application.
- KNOX works on many Samsung devices – including the new Galaxy S7 and S7 edge, the Galaxy S6 phones, and Note 5 – so that you can be assured that your devices are fully secured and equipped for business. We will continue to expand support for KNOX across as many Samsung mobile devices as we can.
- KNOX also has strong support for our partner community. MDM vendor support means that IT can centrally monitor and manage Samsung devices and enforce security and compliance controls. Samsung works closely with each of these vendors to ensure they can rapidly take advantage of any new features in the KNOX platform. These MDM vendors have added important functionality to enterprise mobility, leveraging KNOX features to ensure: - Manageability of KNOX Workspace - Planned support for Galaxy S6 edge+ and Note 5 - KNOX 2.x integration
- From a solution and app perspective, Samsung also works closely with a broad set of ISVs to ensure that you can arm your workers with the applications they need to be secure and productive. There also are popular business productivity and security apps available on Google Play.
- So to recap, KNOX makes it possible to support any business user – whether an individual, an SMB, or an enterprise – on many of the wildly popular, innovative mobile devices that Samsung has in the market. It maximizes the baseline security available in Android, ensuring that companies have all of the data security, application security, and enterprise-ready features necessary to enable Samsung devices to interact securely with their networks. The new features available for IT administrators and users are available now with Galaxy S7, S7 edge, S6, S6 edge, S6 edge+ and Note 5 devices. In the meantime, you can visit samsungknox.com for the latest information.