Knox Platform for Enterprise goes beyond Android Enterprise
Samsung and Google have been diligently working to advance and secure enterprise mobility, and today we see improvements around both Google’s Android operating system and Samsung’s Knox platform that make it easier than ever for businesses to stay connected, protected, and productive.
Samsung launched Knox in 2013, designing a mobile security platform that was embedded into the hardware and software of most of its Android tablets and smartphones. We built a suite of IT solutions that leverage this platform and address a variety of business needs through the entire device life cycle. Today, we call this evolved platform Knox Platform for Enterprise (KPE).
During this time, Google continued to expand its Android offering for businesses, first offering Android for Work (AfW), and today, Android Enterprise. However, enterprise customers had to pick between Knox or Android Enterprise. They could not benefit from features from both solutions, and had to delete one solution in order to use the other.
But that has changed since the release of Knox 3.0. Our new platform aligns our architecture with Google’s, which allows our customers to manage a single solution with features from both Android and Knox.
And so today, Knox Platform for Enterprise incorporates Android Enterprise. Customers now can have a seamless, in-place upgrade from the Android Enterprise base functionality simply by activating a Knox Platform for Enterprise license.
Some examples of the advanced security and management features that Knox Platform for Enterprise provides on top of Android Enterprise are as shown below:
1. Security – KPE defends against security threats and protects enterprise data through layers of security built on top of a hardware-backed trusted environment.
- Real-time Kernel Protection (RKP) – KPE provides the industry’s strongest kernel protection against kernel threats and exploits, which works seamlessly out-of-the-box, with no setup efforts required.
- Certificate management – KPE stores certificates in a hardware-backed secure environment that locks down if devices are tampered with.
- Certificates enrollment protocols – KPE supports certificates enrollment protocols, which are the most secure way to enroll certificates on mobile devices.
- Unified interface – KPE provides unified interface to help certificates from external storage to be used by apps using keychain.
2. Workspace – KPE provides a secure work environment by isolating work app and data.
- Knox Workspace – IT can granularly manage the import and export of data such as files, contacts, and calender events, to and from the Work environment. IT can also configure and control some critical functionalities only for the work environment. e.g. Bluetooth, NFC, USB access, and external storage.
- Sensitive Data Protection – KPE provides an extra layer of encryption to protect sensitive enterprise data. Once a device is lost or stolen, a sophisticated attack can extract data from it as long as the device is still running, even if the device is locked. But SDP makes such attacks more difficult.
3. Manageability – KPE enables enterprise IT admins to manage them easily, securely, and efficiently.
- App management – Preventing another admin app installation, disabling system apps, granting permissions while app is running.
- Firewall management – Restrict and redirect internet access to specific IP addresses and domains, set firewall policies on a per-app or device basis.
- VPN management – Use VPN tunnels on-demand, only when apps in a VPN profile are running, bypass VPN tunnels when a device is on-premise in a local corporate network.
- Network Platform Analytics – Provide network usage information from end user devices. e.g. destination of every network flow, domain name, start time and stop time for the network flow, etc.