By Doug Miller
This month I attended the International Association of Privacy Professional’s Privacy Academy and there was a lot of talk about BYOD (Bring Your Own Device). BYOD is the concept of letting workers bring their own favorite mobile devices to work and use them to connect to corporate resources such as email, document portals and business applications for tasks such as customer relationship management.
But for many privacy professionals and IT staff, the idea of BYOD is seen as an administrative and privacy nightmare. How does the organization protect its sensitive data when accessed or stored on a personal mobile device? How do you handle access to regulated data that might require encryption or other advanced features? For workers, how can their personal information and apps be kept separate from their work apps and data? How do IT staff manage the devices? What happens to all that data when a worker leaves the organization? What happens if the worker loses his or her device? And the list goes on. During one session titled “The 3 Keys to Mastering BYOD” one privacy professional went so far as to predict BYOD is OUT. These issues were seen as insurmountable for her organization, they were no longer pursuing a BYOD program.
So does this mean that BYOD is dead or are there solutions for these concerns? Having used Samsung KNOX on a Galaxy S4 for the last couple of months, I knew that these challenges could be addressed. Let’s look at each of these issue areas and see how KNOX addresses them:
Protecting sensitive corporate data and keeping personal and business data and apps segregated
One of the key features of KNOX is the ability to create a secure application container where corporate applications can be run and sensitive corporate data can be stored. This protected virtual environment is totally separate from the traditional Android user environment and can be created, managed and removed by an organization’s IT staff. This approach allows users to continue to use the device for personal activity while also enabling a workspace that is dedicated to work tasks. Data and applications in each environment are not able to access data and applications in the other environment. The application container is encrypted and password protected so business assets in the container are safe even if the personal side of the device is lost or compromised.
The key point is a worker can continue to use their own device for personal tasks such as Facebook and Gmail while also having a protected area dedicated to work tasks and data.
Centrally managing KNOX devices
With the addition of technology developed by Centrify, KNOX devices can be managed from within Microsoft Active Directory, just like other computing devices used by workers. This means KNOX devices can be joined to the Active Directory domain, centrally managed and policies can be created and enforced on the device. These capabilities go further by treating the KNOX application container as a separately managed area where corporate applications and policies can be auto-deployed and Single Sign-On is enabled for approved applications.
Managing workers who leave the organization or dealing with lost devices
One of the biggest challenges for IT staff is how to handle corporate data on personal devices when a worker leaves the company. Is it possible to remove corporate data and access to resources without impacting a user’s personal device? With KNOX, the answer is yes and accomplishing this couldn’t be easier. The IT admin simply issues a command from his or her console to remove the KNOX container. When this happens, the business container disappears and all corporate data and applications on the device also disappear. But the user’s personal applications and data on the device are not impacted. The device continues to be fully functional but access to the corporate assets is no longer possible.
Likewise, if a worker loses his or her device, the IT admin or the user can log into a web portal and issue a command to wipe the device or remove the container.
In summary, Samsung KNOX uniquely addresses some of the biggest challenges of BYOD and makes it possible to keep both users who bring their devices to work and IT staff who have to deal with these devices happy. This post provides a brief overview of just a few of the features. For more information on Samsung KNOX see the Centrify White Paper titled “Samsung KNOX Overview for Business Customers.”