Samsung Knox EMM to manage Android and iOS

Samsung has improved Knox's mobile security features, but businesses aren't sure about using the device manufacturer's new EMM tools.

Samsung has joined the growing list of enterprise mobility management providers, but questions remain about its approach to managing iOS and competitors' mobile devices.

I just don't see anybody going to Samsung... to buy EMM. 

-Brian Katz, head of mobile innovation at a major pharmaceutical manufacturer

Samsung Knox EMM, a new cloud service will provide management of Apple Inc.'s iOS and Google Inc.'s Android devices and applications. Samsung also upgraded its Knox security platform during Mobile World Congress 2014 this week.

It's a big step up for the Korean electronics giant, which previously limited itself to building management and security APIs into some of its smartphones and tablets. Third-party enterprise mobility management (EMM) products will hook into those APIs and manage the devices.

"There is an uphill battle that Samsung needs to fight to try and convince businesses that they are a serious player here and not just a consumer electronics company," said Jeff Wilhelm, chief technology officer at Envision Technology Advisors, an IT solutions provider in Pawtucket, Rhode Island.

Can Samsung Knox EMM succeed?

Knox EMM features include management of mobile and Web apps, plus a self-service portal for IT administrators and end users. Users can access corporate applications with a single sign-on through Knox EMM's identity access management, which integrates with Active Directory on-premises and in the Microsoft Azure cloud.

Organizations will be able to purchase licenses through a website called the Knox Marketplace. Cloud-based business apps, such as Box, will  be available on the site. As of Tuesday, clicking on the Knox Marketplace prompted a message that the service is not yet available in the U.S.

Samsung has had tremendous success as a device manufacturer, capturing 32% of worldwide smartphone market share, according to a November 2013 report by Gartner. Second-place Apple had 12%. But this dominance won't necessarily translate to the EMM market, said Brian Katz, head of mobile innovation at a major pharmaceutical manufacturer in New Jersey.

"Samsung makes terrific devices, but that doesn't tell me what they do as far as having enterprise management software chops," he said. "I just don't see anybody going to Samsung, who is an unknown in this game, to buy EMM."

More on Samsung Knox

How Knox updates could challenge BlackBerry

Enabling the important features of Samsung Knox

Seven things you need to know about Knox dual-persona

More device manufacturers are doing management these days. On the same day as the Samsung Knox EMM announcement, BlackBerry unveiled BlackBerry Enterprise Service 12, its latest offering for managing BlackBerry, iOS, Android and Windows Phone devices. Microsoft's EMM platform also debuted late last year.

Unlike Samsung, however, BlackBerry and Microsoft have longstanding legacies as management software vendors.

"It's not like they sat there and said, 'Hey, let's get in the management business today,'" Katz said. "It's their bread and butter."

Samsung did agree to Knox partnerships with many established enterprise software vendors, including CA, Citrix and Good Technology. That may help IT to warm up to this new service, said Ralph Rodriguez, CEO of Blue Hill Research, an analysis firm in Boston.

Samsung updates Knox security

As previously reported by SearchConsumerization, Samsung also made some improvements to its much criticized Knox mobile security platform.

In its previous incarnation, Knox only managed wrapped applications with additional security and management features built in. This approach limited the number of apps it could control, because it required developers to modify their apps' code.

Samsung Knox, however, creates separate personal and work profiles on Android devices. Any publicly available app from the Google Play store, as long as it supports Android's multi-user framework, can run in the work profile -- a secure container that runs a version of Android with enhanced security.

IT administrators will be able to whitelist and blacklist certain apps from running in the work profile. They'll also have control over which data, such as contacts and calendar items, can move between the work and personal profiles.

It's unclear how Knox will manage iOS devices and apps, however.

"They can't take that same approach," Rodriguez said.

How will Samsung Knox manage iOS?

Given Apple's history and its fierce rivalry with Samsung, it's fair to say that Knox EMM will not be allowed to access iOS device hardware to implement security as it will on Android. In that case, Samsung may have to go with an all-software approach, basically creating a layer of middleware that runs on top of iOS, Rodriguez said. That could introduce additional complexity and vulnerabilities, he said.

Wilhelm also had questions about how Samsung would manage and secure other manufacturers' devices compared to its own. Eight of its devices, including the Galaxy S4 and Galaxy Note 3, support Knox.

"For standard Android and iOS devices, they are not offering anything that isn't present in many other products," he said. "For devices running the Samsung Knox architecture, they are able to offer some additional features, because those devices are hardened from the hardware up."

Some of those features include malware monitoring at the Linux kernel level, a secure storage area for encryption keys and client certificates, and integration with third-party VPN vendors.

Samsung did not respond to a request for comment.

Site Editor Alyssa Wood contributed to this report.

Dig Deeper on Google Android operating system and devices