Integrating Mobile Device Management - Case Study Example

Samsung’s KNOX Author’s Name Institutional affiliation Date Tutor 1.0 Introduction Samsung Group is an international conglomerate whose headquarters are in Seoul, South Korea. The company was founded in 1938 and produces a wide range of products and it is mostly known for electronics, chief among them being mobile phones. In the growing competition and complexity of the phone market Samsung has been a trail blazer as manifested by its introduction of newer and better phone models over time. Security of user communication as well as data has is a major concern for people using electronic devices. People are more likely to use technology which meets their usual needs and more importantly, ensures that they can rest assured that no fraudulent activities are being carried out on their mobile devices. This concern has prompted many companies to develop solutions that meet, and sometimes exceed, expectations by consumers (Vacca, 2006). Samsung, being driven by consideration of consumers’ best interests has been at the forefront in developing security solutions which are calculated to ensure that their consumers can fully enjoy the great products that roll out from the Samsung’s factories across the globe. One such security product is the Samsung KNOX. Samsung KNOX is based on open source android system. Samsung KNOX enables users to take advantage of features provided by Android as well as Google while at the same time ensuring that basic security features are taken care of (Google, 2013). This solution makes use of some technologies that have been patented by the National Security Agency. Samsung also provides advanced features in its hardware which offer protection to the operating system installed as well as other applications (Samsung, 2013). Due to the security features incorporated into the solution, the developers have made requests to the government of the United States and the Department of Defense so that they can receive the green light for the solution to be applied in highly regulated enterprise environment as well as by government agencies (Gralla & Lindley, 2006). The report examines how KNOX would benefit the work place in terms of securities. The report delves into the advantages of using KNOX and its capabilities in integrating Mobile Device Management Solution and specifically how the solution would make it possible for remote resources to be accessed securely. 2.0 Background An overwhelming majority of phones in the market are what are known as smart phone. The smart phones take about 75% of the phone market (Hamelsbach, 2013). A smart phone refers to a mobile phone which is based on a mobile operating system. Smart phones have computing and connectivity capabilities than ordinary phones (Ilyas & Ahson, 2006). There are several mobile operating systems and different handset makers choose different operating systems and their choices are informed by different considerations. The most successful and widely used platform for smart phones is known as Android. Android has its basis as Linux kernel and this operating system is designed mostly for devices which use touch screen such as smart phones (Zheng, 2006). Android has attained great success due to a number of factors. Android operates as an open on an open source basis. Due to this many people were attracted to adopt the operating system either as users or developers. Android operating system provides services from Google in addition to allowing applications from third parties which has made it very attractive to consumer. Despite the major success that Android has enjoyed, many enterprises have been reluctant to deploy devices based on Android. Enterprises have cited limited security and limited capability in management as the main drawbacks for their lack of enthusiasm to adopt Android based platform. Samsung is among the leading companies in production of smart phones based on Android. The company has seen the need to give enterprises a reason to trust devices based on Android. Samsung aims to gain the confidence of the normally skeptical enterprises through Samsung KNOX. 3.0 Security of Samsung KNOX 3.1 Platform Security Samsung KNOX offers Secure Boot which is customizable. Secure Boot refers to a procedure which ensures that unwanted software and operating systems do not load during the process of startup. Firmware images are encrypted and they are considered as authorized (Rhee, 2003). In devices that are based on KNOX, Secure Boot serves as the first aspect of preventing such devices from being attacked by malicious software. For Secure Boot, the kernel, the system software, and the device boot loader should be encrypted and there should be a key which the hardware should verify. X.509 certificates are used by Secure Boot. There are also public keys that are built into the device's boot loader. When the manufacturers are making the devices, they fuse a secure hash into the Read Only Memory of the device. Before the Secure Boot loader proceeds, it checks to ensure that authorized signed binaries are available failure to which the booting process is automatically halted. After the first process, Secure Boot checks to ensure that the system and cryptographic signature of Linux kernel are present and it is only after this that it handles control to the Operating System (Samsung, 2013). The boot scheme gains trust due to use of X.509 certificates. Issue of certificates by government agencies increases the level of trust in the devices. 3.2Application Security Samsung KNOX does not just secure the platform. The solution offers solution which ensures that individual applications are secured. This is achieved through use of application containers, data encryption in the device as well as support for virtual private network (Fowler, 1999). Samsung KNOX provides a container which a virtual environment in a mobile device and the container contains an individual home screen, application, widgets, and a launcher. The applications and the data that is placed inside a container are separate from other applications that are not placed within the container. The applications that are not within the container are not able to make use of data-sharing and android inter-process communication that are available to applications placed within a container. Applications that are placed inside a container are unable to interact with applications that are found outside the container. There are cases where applications placed inside container which can be allowed to access data which is outside the container though the access is read only (Samsung, 2013). By isolating applications and data that is placed in the container, Samsung has solved a problem which would be referred to as data leakage. Data leakage takes place when the device's user unintentionally sends information through social network, personal email account, or a public cloud system. Through the use of Samsung KNOX, the device user can set up a container which is dedicated just to applications relating to work related functions. Corporate applications including browser, email, amongst others make sure that when the user downloads data from the enterprise including files and email attachments. The data so downloaded cannot be accessed by applications that are outside the specific container. In order to gain access to application inside the container, a password is required. This is achieved through use of encryption algorithms for the data stored in a container. The Samsung KNOX Container provides a better user experience since it’s integrated deeply into the native Android platform. By creating the deep integration users experience less confusion and it is possible for Samsung KNOX Container to offer additional guarantees for security and isolation (Samsung, 2013). The enterprise should manage a container the same it does with a Mobile Device Management (MDM) solution. Many MDMs which are on offer in the market are supported by Samsung KNOX. The Container is managed by setting policies in a fashion similar to the traditional MDM. The Samsung KNOX Container have many policies relating to data security, authentification, and email, among others. Information Technology administrators are able to encrypt data on an entire device through the use of On-device Data Encryption feature (Speed & Ellis, 2003). Through use of Samsung KNOX, a business is able to assure its employees of a path to the intranet that is not just optimized but also secure. The virtual private network (VPN) provided by Samsung enables IT administrators to manage, configure and make provision for the use of the VPN on the basis of an application. An enterprise is able therefore, to VPN is only used on certain application used by the enterprise (Samsung, 2013). By so doing, the enterprise is able to ensure that personal data does not overload the internet connection of the company. 3.3 Mobile Device Management The IT department is able to administer, monitor, and control all the mobile devices which are deployed across different service providers. This control is made possible through the Mobile Device Management. The basis upon which Samsung KNOX builds on is Mobile Device Management known as SAFE which is also a product of Samsung. Samsung KNOX therefore provides other policies which enhance security, remote control, enterprise application, enterprise integration, in addition to others. With respect to Mobile Device Management, Samsung has made key enhancements which include ensuring that policies developed comply with the requirement of the Department of Defense of the United States with regard to security requirements. The other important enhancement is the support provided for Samsung KNOX Container. Samsung has made provisions for idle screen as well as locking of the screen. It is possible to support the management through use of Group Policy Manager (Samsung, 2013). Samsung has also made provisioning possible for Wi-Fi and Virtual Private Network. 3.4 Theft Recovery There has been unprecedented growth in the number as well as popularity of smart phones. As a natural consequence of this, theft of smart phones has increased. Many robberies in major urban areas relate to smart phones. Robbers are motivated by the fact that the devices are resold at a handsome price. When the smart phones are stolen, it becomes very difficult to disable them and those who steal the device are thus able to sell the personal information that they find in the devices (Samsung, 2013). To curb this nuisance, Samsung KNOX developers included solutions that prevent theft. It is also possible to track and recover the mobile devices following a theft of the same. Even if a person puts the device back into factory settings, the capabilities for theft prevention that are built into the firmware cannot be disable and it is still possible to track down and apprehend the person holding onto such devices. There are two components which make up the theft recovery solution built into the Samsung KNOX. There is the Mobile Agents and this runs as an application for Android. The other component is Persistence Service which is built into the firmware of the device. The persistence Service does not operate and the user is required to subscribe to the service for recovery after theft. The mobile device user is then required to use an installer and install the Mobile Agent (Samsung, 2013). When the Persistence Service is enabled, it becomes possible to track the devices and the Mobile Agent remains present even when the user who acquires the stolen device resets the mobile device to its factory settings. When a device is stolen, the owner is required to report the issue to the relevant law enforcement agency. After reporting the theft, the person who has lost the device should then inform the Theft Recovery Customer Center and this should be done after obtaining a police case number (Samsung, 2013). The personnel involved in the recovery issue commands to the Mobile Agent and monitoring is activated. This makes it possible to monitor and track the device. By involving the law enforcement agents, it becomes possible to recover the lost device. 4.0 Samsung KNOX use by Government and Security Agents Samsung KNOX provides additional security features where the devices are to be used by the government as well as installations involving the Department of Defense. These additional features include Boot Attestation, Certifications and Validations, and Smartcard support. The commercially produced devices have root certificates issued by Samsung. However, where such devices are to be used by the government, the government agencies involved prefer being the custodian of the whole of the device's firmware as well as the root certificate. The technology developed by Samsung makes it possible to provision for further roots of trust and some of these are reserved for government agencies. Under the regulations of the Department of Defense employees are required to sign document digitally as well as encrypting and decrypting email messages. Samsung KNOX enables Public Key Infrastructure certificates to be stored in a secure manner on the mobile devices. The National Institute of Standards and Technology issues certification and validations which ensure that certain companies make informed decisions when choosing the devices that they should use in their places of work. The companies covered are the ones which deal with information which is sensitive but not classified. This is attained through certification to hold the Federal Information Processing Standard (Samsung, 2013). Samsung KNOX does meet the requirements for FIPS 140-2 Level 1 certification. This certification covers both data at rest as well as data in transit. Samsung KNOX has complied with the Security Requirements Guides developed by the Defense Information Systems Agency (DISA). These guidelines are aimed at ensuring that information systems of the Department of Defense are property secured (Himmelsbach, 2013). 5.0 Conclusion and Recommendations 5.1 Conclusion Samsung KNOX has been developed with the aim of dealing with shortcomings that many corporations have found to exist in open source Android platform. These shortcomings had acted as a stumbling block for enterprises wishing to adopt the Android platform. Samsung KNOX incorporates a number of measures which are meant to ensure that the security concerns raised previously have been fully addressed. Secure Boot and other security enhancements have made it more difficult for hacker and malware attacks. Samsung KNOX Container enables enterprises to have zones in devices used by employees that are secure and it is possible to restrict access to corporate data and network resources. IT administrators are able to manage the devices used by employee as well as offering the needed support by configuring the devices remotely. 5.2 Recommendations Samsung KNOX provides a revolutionary platform which many enterprises should embrace to improve on their day to day operations. Governments and government agencies could take advantage of the additional security features which make it possible for sensitive information from government agencies to be stored and passed on from one point to another. Private individuals should embrace the new technology to improve their experience on the use of mobile phone devices as they are able to recover their stolen devices and divide personal and office information. References Fowler, D. (1999). Virtual private networks: Making the right connection. San Francisco, Calif: Morgan Kaufmann Publishers. Google. (2013).Android. Retrieved from http://www.android.com Gralla, P., & Lindley, E. (2006). How personal & Internet security work. Indianapolis, Ind: Que. Himmelsbach, T. (2013). Survey on today's smartphone usage. S.l.: Grin Verlag Ohg. Ilyas, M., & Ahson, S. (2006). Smartphones. Chicago, Ill: IEC. Rhee, M. Y. (2003). Internet Security: Cryptographic Principles, Algorithms and Protocols. Chichester: John Wiley & Sons. Samsung. (2013). Samsung KNOX. Retrieved from https://www.samsungknox.com/en Samsung. (2013).White Paper: An Overview of Samsung KNOX. Suwon-si:Samsung Electronics Co. Ltd. Speed, T., & Ellis, J. (2003). Internet security: A jumpstart for systems administrators and IT managers. Amsterdam: Digital Press. Vacca, J. R. (2006). Practical internet security. New York, NY: Springer. Zheng, P. & Ni, L. M. (2006). Smart phone and next generation mobile computing. San Francisco, Calif: Morgan Kaufmann. Read More