Samsung today announced the worldwide commercial availability of its updated Enterprise Security and Management suite for Android - KNOX 2.0 - which is available first on the Galaxy S5, and with other Galaxy devices to follow via OS updates.

The original version of KNOX was first launched with the Galaxy Note 3 in late 2013, and offers additional controls and policies for IT Admins wishing to allow Android phones into the enterprise. KNOX brings a level of control to the enterprise by incorporating a secure boot chain and enterprise-controlled containers which allow both consumer and enterprise data to exist on the same device.

KNOX 2.0 evolves the feature set and branding, with the core platform and app container being re-branded to KNOX Workspace. The entire KNOX brand now includes KNOX Workspace, EMM, Marketplace, and Customization. The original KNOX 1.0 MDM is fully compatible with KNOX 2.0.

Changes to KNOX Workspace include:

  • TrustZone-Protected Certificate Management
  • KNOX Key Store
  • Real-Time Protection
  • TrustZone-Protected ODE
  • Two factor authentication support with Biometric Authentication
  • Enhanced Framework
  • Enhanced features for the KNOX container allowing support for all Android apps from the Google Play Store, eliminating the need to perform app wrapping for third party apps
  • Third party container support
  • Universal MDM Client and Samsung Enterprise Gateway to simplify user enrollment
  • Split-Billing
  • A multi-vendor VPN framework that allows a variety of 3rd party clients including SSL VPN
  • An open SmartCard framework that allows enterprises to choose from an array of smartcard readers

Most of these changes are to make the IT Admin’s job a lot easier, which in theory should increase adoption rate, but there is one change that is aimed squarely at the consumer – Split-billing.

Split-billing works with the SIM provider to allow separate billing for personal apps and company apps. Whether this is a good thing or a bad thing likely depends on whether your company pays your cell bill in full, or if they expect you to pay for it. It opens the door to allowing companies to only pay for their portion of the bill without using a dual SIM phone. It’s an interesting idea but I don’t think it comes with any sort of arbitration in the event there is a billing dispute between the employer and employee.

The other components of KNOX are:

  • KNOX EMM – a cloud-based MDM and directory service with single sign-on (SSO) including a set of policies for companies to implement
  • KNOX Marketplace – a marketplace for SMBs to find and purchase enterprise cloud apps
  • KNOX Customization – a way to create customized business to business solutions using off the shelf hardware

Clearly, Samsung has gotten a taste of the enterprise market, which is certainly a higher margin environment than the consumer market. Enterprises will pay well for a quality product with a decent return on investment, and of course Samsung would love to take some of the MDM management market share away from the likes of Blackberry and others, as well as get a hold in the BYOD market that Apple has done well with.

If you’d like to learn more, Samsung has released a white paper outlining KNOX here.

Source: Samsung

Comments Locked

17 Comments

View All Comments

  • ddriver - Thursday, May 8, 2014 - link

    Rooting and removing KNOX was the first thing I did on my Note 3. To hell with warranty, installing a custom kernel and rom, removing the Samsung bloatware and sandboxing/firewalling the essentials and enabling various extra hardware and software options makes for an amazing device. Performance is tangibly better, even the pen latency was reduced to almost non-existential. Free from security holes, free from corporate personal data exploitation, free from ads - that's what people want, not new versions of the old garbage.
  • antef - Thursday, May 8, 2014 - link

    Why is any of this necessary? Doesn't iPhone succeed in the enterprise without all this MDM crap? Most companies I think let you add an Exchange account to your iPhone directly without any secure "container"/"workspace", etc. Simply requiring a PIN on the lock screen and the fact that the iPhone is already pretty secure and encrypted seems to be good enough. Why is the exact same not true for Android. This is one of the problems it has as a platform. People take advantage of its openness and flexibility to add unnecessary bloat and invasiveness, not unlike Windows.
  • Torrijos - Thursday, May 8, 2014 - link

    Actually Apple does allow IT departments to manage iOS devices with MDM solutions.
  • Penti - Monday, May 12, 2014 - link

    iPhone pioneered this field plus have excellent support for Exchange built in, with S/MIME encryption/certifications with remote wipe from Exchange, with support for MDM. With stuff like device encryption. With earlier support for the most important features than any other platform. This just extends on those kind of features, plus is built in so you don't need to buy in a solution to install on the phones to do this kind of management.
  • Penti - Monday, May 12, 2014 - link

    Also these are the kind of features Microsoft first delivers with Windows Phone 8.1 in the basic forms without all the container/workspace stuff. They haven't been able to do Exchange-support decently while companies like Apple have.
  • DanNeely - Thursday, May 8, 2014 - link

    Neither iOS or stock Android can be locked down, monitored, and controlled as tightly as BB can be. Until that changes parts of the govt are going to continue buying BB phones even though the only people in the agencies who want to are the IA compliance team. Knox is Samsung's attempt to break the status quo, capture a large number of federal (mostly DoD) contracts, and finally put BlackBerry out of our misery.
  • JohnJWhitfield - Thursday, May 8, 2014 - link

    Simply requiring a PIN on the lock screen and the fact that the iPhone is already pretty secure and encrypted seems to be good enough. Why is the exact same not true for Android. This is one of the problems it has as a platform. People take advantage of its openness and flexibility to add unnecessary bloat and invasiveness, not unlike Windows. http://num.to/6142-9294-2042

Log in

Don't have an account? Sign up now