Samsung sees Knox as key to Android in the enterprise

Jae Shin, vice-president of Samsung’s Knox business group, is candid about enterprise customers being wary of letting employees use Android devices on company networks.

Online criminals have Android in their sights. It is the riskiest smartphone OS choice.

Shin says that’s why many large companies have previously banned Android devices from the workplace.

Android, enterprise’s second choice

He admits that’s cause problems for Samsung selling its phone to those customers. The electronics giant has a roughly 60 percent share of the worldwide Android smartphone and tablet market. Android has fallen behind iOS in winning enterprise accounts. If companies choose not to buy Android kit or even allow workers to bring and use their own Android kit, Samsung is shut out of the most lucrative accounts.

Which explains why Samsung developed Knox. And why Shin visited New Zealand to promote the Android security system.

The thinking behind Knox is to have a strongly branded end-to-end security product so companies can confidently use Samsung’s Android devices. Knox creates a secure area on devices and puts containers around Android apps. Shin says this doesn’t interfere with users personal activities. But it does protect business data. So, for example, an employee can’t cut and paste information from a confidential company document into a private email.

Beyond BlackBerry

That sounds simple enough, but in practice it’s hard to do. The only other example of this approach that I’ve seen is on BlackBerry – which has such a tiny market share, it almost doesn’t register on anyone’s radar.

Meanwhile, Knox is strictly for Samsung devices.  The basic services are built into Samsung device hardware at the chip level. Each device has a unique identifier that is needed by Knox’s higher layers.

It’s hard to game the system. Shin says there’s a physical fuse inside Knox-enabled devices. If the device is ‘rooted’ – effectively a technique of bypassing the standard manufacturer supplied systems software – the fuse blows. From that point on Knox sees the device as ‘untrusted’. As Shin says: “An untrusted device has no place in the enterprise”.

Knox has to earn its keep

I asked if Knox is a cost-centre within Samsung. Is it something the company has invested in for strategic reasons or does it expect a direct return? Samsung New Zealand director Verdon Kelliher says no: “It’s a line of business”. Shin effectively says it has to earn its keep.

It turns out Knox is earning its keep. A year after it first appeared more than a million users have activated the system.

Knox isn’t cheap, it works out at about NZ$5 per month per user. That’s a lot of money given most devices have a two-year life. It adds about 10 percent to cost of buying a device. Maybe enough to make companies think again about choosing Android?

In truth, many companies don’t choose devices, they have BYOD policies that leave device choices to their employees. In that case the Knox fee may be a small price for companies wanting to secure their data.

Another problem facing Samsung is if Google sees Knox as a threat – there’s talk that it isn’t entirely happy with the project. Google has already leaned on Samsung over the software it adds to devices – recently Samsung dialled back on replacing core Android apps with its own proprietary software. Knox could be the key to getting Samsung into enterprise accounts, but that would only push non-Knox Android kit further into the background and put more tension into Samsung’s tense relationship with Google.