Samsung Knox Platform for Enterprise (KPE) is the mobile industry’s leading embedded security platform. It is a series of overlapping defense and security measures anchored in Samsung mobile devices’ chipsets, spanning the firmware up to and including the application layer. KPE is designed to ensure the integrity of Samsung mobile devices from boot through run time, and has more government and third-party security accreditations than any other mobile device, platform, or solution.
Along with the accompanying portfolio of Knox Cloud Services which provide the industry’s leading configuration, customization, management, and firmware controls, KPE forms the backbone of Samsung’s enterprise business strategy.
Beginning in 2019, KPE will evolve to secure 5G networks, Enterprise IoT, and deliver AI-powered security.
Samsung Knox: Securing 5G
We are in the early stages of a massive transformative shift in the mobile industry, one led by the imminent deployment of 5G at scale which in turn will enable the accelerated propagation of Enterprise IoT.
KPE has always been centered on the mobile devices that we interact with directly every day: smartphones, tablets, and smartwatches for example. More recently we have begun including variants of the platform in displays and appliances. Our objective is to include KPE in every network-connected enterprise device that we manufacture.
And 2019 will see the beginning of an evolution of Knox towards the network itself.
- We will begin embedding the Knox security platform into Samsung 5G microcells and access points.
- We will continue to expand the Knox security platform into other devices and endpoints.
- The combined power of on-device and on-network security will ensure data integrity and a quality of service for Samsung customers and partners that will be unmatchable.
This increasing number of interconnected endpoints will generate a vast quantity of data, much of which will need to be securely transacted in real time. AI solutions form the new basis for business decision systems, either as an assistive technology or empowered to act on their own. And Knox is evolving to address the privacy needs and security management concerns of enterprise and government customers in this new 5G-enabled, AI-driven world.
Samsung Knox: AI-based security analytics
KPE includes network platform analytics: granular, contextual information about the status and activities of the device that is unavailable in third-party solutions or on other devices and platforms.
In 2019, Samsung will be expanding the capabilities of the analytics platform built into KPE to provide AI-based security analytics.
1. This will begin with enhanced security awareness, for example
- Granular device/network monitoring
- Security visibility & measurement
2. Thus leading to actionable insights, for example,
- Alerts for human users to resolve configuration conflicts
- Recommendations for human users to update configuration policies
3. Our longer-term vision is to enable automated response scenarios, for example
- Automated policy update based on changes on device or network
- Automated device reconfiguration based on emerging threats
Strategic Samsung partners such as Unified Endpoint Management, Mobile Threat Defense, Secure Communication, and other solution providers will benefit from access to KPE by providing our mutual customers with more advanced, more granular, and more intelligent services.
Knox Service Plugin
Samsung’s Knox Platform for Enterprise (KPE) APIs that reside on device are currently used by Enterprise Mobility Management (EMM)/Unified Endpoint Management(UEM) partners and others to integrate support for KPE’s unique security and management features. However, support for specific features is inconsistent across Samsung’s partner ecosystem, and few partners are able to provide zero-day support for all new features upon release due to lengthy development cycles.
At MWC 2019 Samsung is announcing the Knox Service Plugin.
The Knox Service Plugin is an application that calls the KPE APIs on device. For Android devices, partners such as EMM/UEM vendors will only need to build support for that application into their management consoles once simply by leveraging a commonly available component of Android Enterprise known as managed configuration, thus eliminating the development burden that had previously been placed upon them. In turn our mutual customers will then have automatic and consistent access to every Knox feature as they are released.
At Mobile World Congress 2019 in Barcelona, Samsung is demonstrating the Knox Service Plugin in partnership with leading UEM partners including:
- IBM® Maas360® with Watson™
- VMware® Workspace ONE™
- SOTI MobiControl®
- Samsung Knox Manage
General availability of KSP will expand across Samsung’s partner community throughout 2019 including:
- Citrix Endpoint Management
- Others to follow
The Knox Service Plugin leverages Android OEMConfig to ease support for Knox Platform for Enterprise features by our EMM/UEM partners, ultimately for the benefit of our mutual customers. It will support Knox security policies such as advanced restrictions, flexible VPN configurations, biometric authentication controls, Samsung DeX management, etc.
Later in 2019, this vision will expand to support non-Android Samsung devices such as wearables, Enterprise IoT nodes, and 5G access points via a full-service Knox Service Platform of which the plugin will be a component. Advanced Knox capabilities such as firmware management, attestation, advanced DAR (Data-At-Rest) protection, rebranding, and security analytics will be available based on the Knox Service Platform. This will fulfill our vision for Knox to be the built-in security and management platform for all Samsung enterprise devices and services.