The push for BYOD (bring your own device) policies in workplaces has been on the rise for the last couple of years, but many corporations have frowned upon Android devices due to "security issues" within the OS. Samsung is looking to change that mindset with its newly-announced KNOX solution.


Essentially, KNOX is a security-enhanced version of Android – based on the NSA-approved SE Linux – optimized for Samsung's SAFE (Samsung for Enterprise) program. It's built-in to both the hardware and Android's framework, so it's really a full-coverage solution. At the application layer, it works to separate personal and corporate data by containerizing and encrypting corporate applications and data, which protects against viruses and malware, as well as outside attacks.

On the surface, KNOX acts like an application and can be launched directly from the apptray or homescreen – which basically opens a containerized OS within Android where all the corporate applications and files are stored. It's also compatible with most common enterprise infrastructures such as MDM and VPN.

KNOX is slated to be available on "select GALAXY" devices beginning in Q2 of this year.

Samsung Tomorrow

Barcelona, February 25, 2013 - Samsung Electronics Co, Ltd., a global leader in digital media and digital convergence technologies, today announced Samsung KNOX, an end-to-end secure solution that provides security hardening from the hardware through to the application layer. 

KNOX incorporates Security Enhanced (SE) Android developed by NSA (National Security Agency),and integrity management services implemented in both hardware and the Android framework.  At the application layer, KNOX offers a container solution that separates business and personal use of a mobile device.  This separation is enforced by SE Android and file system level encryption, offering protection of business data and applications from data leakage, viruses and malware attacks.  Lightweight and compatible with existing common enterprise infrastructure such as MDM, VPN and directory services, KNOX provides reassurance and convenience for IT departments looking to implement and manage Bring Your Own Device (BYOD) strategies. 

Easily accessible via an icon on the home screen, the KNOX container presents to users a variety of enterprise applications in a secure environment including email, browser, contacts, calendars, file sharing, collaboration, CRM and business intelligence applications. KNOX enables existing Android eco-system applications to automatically gain enterprise integration and validated, robust security with zero change to the application source code. KNOX relieves application developers from the burden of developing individual enterprise features such as FIPS compliant VPN, on-device encryption, Enterprise Single Sign On (SSO), Active Directory support and Smart Card based multi-factor authentication.

“Security and privacy are understandably held up as barriers to businesses embracing BYOD demands.  Meanwhile, users are seeing the latest smartphones and tablets and knocking at the door of IT demanding to be able to use their own devices,” said JK Shin, President and Head of IT and Mobile Division.   “The solution is clear – combine the business and personal in a single device.  Samsung KNOX achieves this harmony between enterprise control and employee satisfaction by delivering fundamental security at the platform level, while leaving the user experience consistent.” 

KNOX is a Samsung enterprise solution and aligned with the Samsung For Enterprise (SAFE) programme, an ongoing effort initiated by the company to promote the readiness of its devices for enterprise use. More information on the SAFE program is available here.

Cameron Summerson
Cameron is a self-made geek, Android enthusiast, horror movie fanatic, musician, and cyclist. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre on repeat.

  • Jamie

    "Select Galaxy Devices"

    Flagships then, at least S4 and Note 3 are candidates

    Else firmware locked selective Touchwiz 4.2.x builds feature

  • http://twitter.com/ToysSamurai Toys Samurai

    To a certain degree, I really hate this kind of so called "security" features because it gives a false sense of security to some people. Just read about the news of most security exploits in recent years, a lot of them have to do with some people being tricked into visiting some websites, and do something (ex, downloading/running an infected app, logging into a fake website, etc.) Yes, may be these new security enhancement can stop existing known exploits, but hackers will always find new way to exploit the system if we the people continue to be uneducated about the risk of doing dangerous things.

    • didibus

      I don't really care about the security, since I'm not an enterprise user. But I would love to be able to have, on the same phone, a work environment, and a play environment. Where everything would be completely separated. So I can keep my work contacts, email, apps, and my wallpaper and all, about work and safe for work. Then switch to my playground when I go home, and forget about all things work.

  • http://twitter.com/SourabhSekhar12 Sourabh Sekhar

    nobody noticed the S IV in the background!! :P

    • http://twitter.com/arzbhatia Arz Bhatia

      Yeah really. How come people are not flooding over this post? :o

  • Dan Caseley

    Really good to see one of the big players taking the 1 device, multiple roles thing seriously. Containerizing? That's an awkward word.

  • Matthew Fry

    Man, those girls are pretty damned excited.

  • Cuvis

    This doesn't really help with BYOD until it's available across all Android devices, not just ”select Galaxy devices”.

    • Steph Chi

      +1. I can't say better.

  • http://www.facebook.com/profile.php?id=510225179 facebook-510225179

    What good is an enterprise security platform if it only works on "select GALAXY devices". Does Samsung really think companies can convince all their BYOD users to switch to the Galaxy S III? Or do they think that Administrators are naive enough not to recognize that? This app is useless unless it's available for all devices right from the get go.

    • didibus

      Germany just ordered a batch of 5000, I guess some places are willing to just buy the phone to all their employees.