Samsung's Knox pilots ramp: 8 takeaways

Samsung's Knox pilots ramp: 8 takeaways

Summary: Samsung's Knox technology is gaining some enterprise traction. Here's a look at the key issues and industries adopting Android in the enterprise.


Samsung's Knox technology, which is designed to secure Android for easier enterprise adoption, has 29 global pilots under way that are expected to go production shortly.

Overall, the Knox technology, available on the Galaxy S4 and the latest Galaxy tablets and Notes, has gone a long way toward giving Android some enterprise credibility. Knox enables employees and companies to create work and personal containers to keep data segregated in a bring-your-own-device scenario.

Employees were already bringing Android devices to work, but iOS has been viewed as largely more secure. By shoring up Android on the security front and plugging the mobile platform into mobile device management software, Samsung has made its devices much more corporate friendly.

samsungknox overview

We recently caught up with Samsung’s Jae Shin, vice president of the Knox unit in the company's mobile division, and his business-to-business team. Here's a look at the key takeaways from the conversation.

Read this

BYOD and the consumerization of IT

Special report: The Bring Your Own Device phenomenon is reshaping the way IT is purchased, managed, delivered, and secured. We look at what it means, how to handle it, and where it's going in the future.

Smartphones driving Knox adoption...for now?

Shin said smartphones are driving adoption, but in the key verticals such as financial services and healthcare tablets are front and center. "We're seeing different usage scenarios for the Galaxy Note and tablets," said Shin. For now, the Knox charge is being led by the Galaxy S4.

Is Knox in production environments yet?

Shin said that Samsung has 29 pilots globally with its Knox technology and there has been a lot of interest. Most of those pilots---in government agencies and elsewhere---are expected to go production in the near future. Gauging from the interest, Shin said that more pilot-to-production waves will follow.

What has enterprises interested?

The most obvious push for Samsung's Knox technology is the bring your own device movement. Shin explained that with Knox, a person's work and home personas can be pushed to the bare metal level and the trust zone architecture in the Qualcomm chipset. "There are a level of checks up the stack and that's a real security enhancement for Android," said Shin.

What mobile device management platforms will link up to Knox?

Shin said there are nine global mobile device management platforms partnered with Samsung. Those partners are global and regional. "We do the vetting," said Shin, nodding when I pointed out there are more than a 100 MDM vendors. On the local level, Shin said MDM partners are recommended by subsidiaries in places like China, Russia and France. Most of the big players such as Airwatch and MobileIron are able to connect with Knox. Would Samsung ultimately hook up with BlackBerry's MDM software? "We haven't considered BlackBerry. That would have to be a business decision above my pay grade," said Shin.

Would Samsung take its Knox technology to secure other Android devices?

Probably not, said Shin. "To harden and secure the device you have to have control of the chipset and Android framework. That's tough to do for other devices you don't design," said Shin.

Main verticals for Samsung

The main push for Knox adoption is in regulated industries such as financial services, government and healthcare. These industries are seeing BYOD trends and need to secure Android devices. Samsung is seeing enterprises that still buy hardware for employees and the aim is to get Samsung devices on a preferred list. Knox goes a long way. Education is also a key market and most mature for Samsung's B2B unit as is retail. The objective for Samsung is to show how its devices work together in the field.

What are the hurdles?

Shin said that the biggest hurdle for Samsung in the enterprise was "the belief that Android wasn't secure." "That hurdle is much lower now and we have to target different segments with the right device at the right time," said Shin.

Will wearables become a BYOD security issue?

Shin, who was sporting a Samsung smart watch, said enterprises are interested in future proofing, but haven't started worrying about wearables just yet. "I would not be surprised if there an enterprise solution for wearables emerges," said Shin. Samsung prefers to let the ecosystem find business uses for its gear.


Topics: Mobility, Android, Samsung, Bring Your Own Device

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I think knotx

    Why go thru all the hassle of tying yourself in a knox!!!.

    Buy a windows phone and everything comes built-in.

    Not like this putting lipstick on a pig.
    • Dunning-Krueger in da house

      Sorry, Krishna_Prasad, but you don't understand all that Knox does if you think WinPhone does the same thing. I'm not saying one is better than the other - mostly because i think both have pros and cons, and either might be better depending on the context. But there are definitely different features, and tradeoffs in Knox vs. WinPhone.
      • A secure layer over an insecure o/s?

        Ultimately it comes to putting a security layer over an insecure o/s.

        Compare this to QNX (BB) - the most secure and next is WP.

        It takes a long time to get enterprise hardening in place.
        • BlacBerry was a good example, Windows Phone 8 not a good example

          BlackBerry has the Balance™ feature for separating work and personal usage:

          Microsoft has nothing like this for Windows Phone 8.

          In addition, Android' biggest problems are the user enabling software installation from unknown sources and OEM/carrier tardiness with pushing out security updates. The former issue falls under device usage policy and the later issue can easily be addressed by Samsung. And don't forget that SEAndroid, used for isolation in Android, was derived from SELinux which was created by the U.S. government for use in GNU/Linux (e.g., RHEL).

          Enterprises, especially those using SELinux to secure their Red Hat enterprise Linux servers, workstations and desktops, will already be familiar with the policy approach used in SEAndroid.
          Rabid Howler Monkey
        • RE: " next is WP"

          What, pray tell, is your claim WP is the second most OS based on? Certainly not on MS's security record.
  • Not BYOD friendly

    The concept is basically a rip off of Blackberry Balance and since Samsung is limiting this to their devices it's basically a Samsung only thing - which unless you limit your BYOD or corporate devices to Samsung isn't going to fly in the new "bring whatever you have" model of BYOD.

    Another little nugget they forget to tell you is KNOX requires a special carrier data plan - just like BES and Blackberry of years ago. Who foots that cost? Basically kills any BYOD as most corporate BYOD programs cover zero expense. In that case you can forget any employee paying to use their device for work. They recreated the mess that harmed Blackberry for years.

    It's a nice solution 4 years ago.
    • BlackBerry safer option

      Agreed, BlackBerry currently has a better option, even if running other devices. Plus, I like my new BlackBerry
  • But you still have to wait 6 months or so

    Until you get a bug or security OS update. Ridiculous.
  • BlackBerry making good products

    BlackBerry is still best for enterprise and not going anywhere! Look forward to Z30, but Q10 is email king!
  • very confusing

    So, it is BYOD feature, but being tested by "government agencies and elsewhere". In order to be BYOD, it has to be tested by consumers.

    Indeed, it is trying to replicate the failed BlackBerry model of special deals.. with time, it turned out that those special deals lagged behind the mainstream technology and were ultimately dragging BlackBerry, the carriers and customers down.

    The jury is still out on this one, too early to tell if Samsung has anything useful here.
    • UYED

      The inverse of BYOD. For organizations that want to be in the drivers seat with mobile device security, and yet allow their users personal usage of the device.

      Did the failed BlackBerry model (it was RIM at the time) include anything similar to today's BlackBerry Balance™? Not that I can recall ...

      UYED = Use Your Enterprise Device (for personal use).
      Rabid Howler Monkey