Samsung KNOX and Centrify – Pre-Launch Update

Earlier this year, our CEO Tom Kemp wrote a detailed post describing Samsung’s new enterprise platform called KNOX.  KNOX was unveiled at Mobile World Congress earlier this year where we also remarked on new enterprise mobility trends. Well, the launch date for KNOX is nearly here.  In preparation for launch, we have met with many potential customers and partners.  We noticed some recurring themes in these conversations; and in this post, I’d like to address some of the more frequently asked questions.

1. Why do we need a mobile container?  What’s wrong with conventional MDM?

The reason secure mobile containers for business and similar types of technologies are becoming popular is because they are more effective at addressing the BYOD problem than “conventional” MDM (I will explain why I’m using quotation marks a little later).  As the name implies, “conventional” MDM allows enterprises to manage devices.  Typical features include remote lock and wipe, password change, software installation, remote configuration etc.  So what’s wrong with that?  Well, keep in mind that in today’s BYOD environment, this is done to YOUR device.  How would you like your employer to wipe or lock your phone?  In other words, “conventional” MDM can be a fairly crude tool.

The KNOX container is different because it creates a completely isolated, secured and managed environment on your device which prevents co-mingling of business and personal applications and data.  KNOX turns your phone into a dual-persona device with clearly separated personal and business identities.

So why did I use those quotation marks in “conventional”?  Because the MDM industry and technologies are also evolving rapidly and many MDM vendors are working on various solutions to these problems.  And don’t forget, the container itself needs to be managed too.  The same very functionality that seemed too crude applied to the entire device is perfectly acceptable when applied only to the enterprise container.

2.  What exactly does Centrify contribute to the KNOX solution?

Centrify enables 2 key functions inside KNOX.  The first one is the unique one-click sign-on (Zero Sign-On or ZSO) for employees.

Why is this important?  Because login + password framework is inherently inconvenient and unsecure.  We use dozens of apps and websites requiring login.  For most of them, we try to use the same password (which is very unsecure – a single compromised password gives access to many of the systems we use).  Also, some apps have different password requirements than others and we often forget which login / password combination is for which app.  And typing and retyping logins and passwords on a tiny keyboard is no fun.  In other words, it’s a mess.  It’s also worth mentioning that around 40% of ALL calls to IT have to do with password resets.  Just think about that number for a minute…

The second feature Centrify enables is administration of users, applications and the KNOX container, using existing infrastructure and familiar tools for IT administrators

Centrify uses existing Active Directory infrastructure to let admins easily enforce and update mobile security settings, lock or remotely wipe KNOX containers or other mobile devices, and secure access to email, VPN and Wi-Fi. Using familiar Active Directory tools, ADUC and Group Policy Object Editor, admins can see which devices or containers are assigned to a user, the properties of each device, and manage policies across all devices.  Enterprises can quickly achieve mobile device security with existing technology, skillsets and processes without the hassle.

3.  Another question we frequently get is “How can we get the Centrify Zero Sign On functionality akin to KNOX on other mobile platforms?”

We understand that in our BYOD world, cross-platform support is very important.  And while, we’ve made no formal announcements, we definitely have some ideas on how this can be addressed.  If this is something that’s on your mind as well, please don’t hesitate to email me at