Recently there has been some significant news from Google and Samsung related to Android security. So let me use my first blog as part of the Centrify team to share some perspectives on this announcement and my opinions on where the mobile security market is heading.
Before I continue, you may be asking – Why Centrify? What role do they play in this space? Why does Centrify care about Android and security? Good questions! Centrify provides integrated enterprise mobility management (EMM) and identity access management (IAM) for the Android platform. We leverage both Active Directory and our cloud-based directory to facilitate identity and policy management, so we have a vested interest in helping make Android more secure. Centrify is also a strategic partner to Samsung — who happens to be the largest provider of Android devices and mobile devices — and Samsung recently co-invested in Centrify too. And finally Centrify has partnered with Samsung to enable key technology as part of the Samsung KNOX EMM solution — more on this later when we unveil details in the Fall.
This Google blog post and this Samsung blog post do a nice job of summarizing the news about the expanded enterprise capabilities Google is introducing in its “Android L” initiative. These blog posts provide detailed information following the more general joint press release from these vendors in June during Google I/O. Specifically, they announced that, as part of those expanded enterprise capabilities, an upcoming version of Android (codenamed “L”) is adding the KNOX workspace capability (aka “Container”), which leverages the Android MUF (Multi-User Framework) to manage and separate application data.
When the Google I/O press release came out, there was some uncertainty in the market, with some observers claiming that Samsung KNOX was dead because it was being absorbed by Google and made available to all. So what’s the real story?
- Samsung KNOX is definitely not going away. Samsung firmly has its ambitions on solving enterprise mobile security challenges, and wants to do that with a combined mobile device and software offering.
- Some Samsung KNOX features are being incorporated into the standard Android distribution, so that the whole Android eco-system gains from better security for enterprise users. This is a good move on the part of Samsung and Google, because as an industry we need to raise the bar for security. By contributing part of Samsung KNOX into Android L, everyone gains.
- Since Samsung KNOX is a combination of hardware and software features, the hardware elements will remain only for Samsung devices — so the value to the market is that running Android L on a Samsung device will be more secure. This is obviously the way Samsung can show its differentiation in the market.
- For the developer community, the Android L APIs are being extended to include access to the additional Samsung KNOX features including a very robust and rich MDM API framework. By the way these features are not called KNOX, but have more general names such as “Data Separation” instead of “KNOX Workspace,” “Android Framework” instead of “KNOX framework,” etc.
- One target developer community is Enterprise Mobility Management (“EMM”) vendors such as MobileIron, AirWatch/VMware, Good Technology, etc., and of course Samsung KNOX EMM. These vendors can now leverage the base enriched Android EMM APIs to deliver policy-based management and configuration of Android devices.
- One of the key additions to Android from Samsung is the KNOX container technology — called Android “Data Separation.” As the name describes, when an App is within the “Data Separation area” any App data is fully encrypted and policies from the EMM vendor can be used to define what gets out, and what Apps can reach in. I specifically mention this addition, because previously EMM vendors had to build this capability themselves — so the highly marketed features called App Containerization or App Wrapping from the EMM vendors are no longer required, as these are now built into the mobile OS platform itself.
So, the next question I’ve been asked is, “Is Samsung KNOX differentiated enough over and above the expanded enterprise capabilities being introduced in Android L?”
My assessment is that the answer is YES. For two reasons.
First, Samsung devices have additional hardware security measures making them compliant for defense grade applications and highly security conscious organizations such as financial and government industries. These measures are part of the core KNOX capabilities, which are a superset of (and compatible with) what is in the upcoming base Android distribution.
Second, Samsung is also offering KNOX EMM, KNOX IAM and the KNOX Marketplace. Integrating cloud-based EMM and IAM with the underlying KNOX hardware enables Samsung to provide a fully integrated service for defining mobile app security policies. In my opinion, this will be critical for the enterprise customer, because they are seeking solutions from one vendor that bring together all the policy management for application security, instead of separate systems to define aspects of app policy.
So to finish, let me give you my opinion on the enterprise mobile security market. What you are seeing with this Samsung/Google announcement is that core security is being added into the mobile OS platform, so the overall need for layered products will diminish. Also, with vendors such as Samsung providing integrated EMM+IAM solutions themselves, this begs the question why enterprises need to stitch together these component parts by themselves. We have already seen that the MDM feature set within EMM products has become a commodity; now parts of MAM are becoming a commodity with the Data Separation feature. I see this as a big disruptive move to make mobile enterprise security democratized for all — a win/win for enterprise customers and the Android community — and a giant leap forward for Android in the enterprise.
What do you think?