June 21, 2022

Knox Guard protects enterprise mobile devices and data against theft and loss

Marcelo Carvalho

z fold

Information security experts tend to focus on what’s on a smartphone, such as corporate data or access credentials. Meanwhile, the device itself is often seen as disposable, not worth worrying about. But IT managers know that smartphones and tablets represent a significant investment when multiplied by thousands of employees, and deserve to be protected.

Samsung Knox Guard offers an inexpensive option to protect and control access to corporate mobile devices — and the data they hold — when a device is lost, stolen or just misplaced.For less than a penny a day, IT managers can use Knox Guard to remotely lock and even wipe devices whenever they’re connected to the network, either through cellular data or Wi-Fi. It’s all controlled from a Knox cloud-based portal. Knox Guard capabilities are built into all Samsung smartphones and tablets, and operate using layers of security from the chip level on up¬ — meaning a factory reset or malicious attempt to modify Samsung software can’t bypass Knox Guard’s fraud and theft protections.


Knox Guard is ready right out of the box

Knox Guard protects Samsung devices even before they’re unboxed, with frictionless, out-of-the-box activation. Samsung resellers can load devices into the Knox Guard portal as they’re shipped. Alternatively, IT managers can load devices themselves after they receive them. Once the device is licensed and device enrollment is completed in the Knox Guard portal, IT managers have complete control over device access and can remotely lock, wipe and set other configuration policies as needed.


Knox Guard complements mobile device management (MDM) and enterprise mobility management (EMM) solutions, providing another layer of security with protections that extend outside the coverage area of MDM solutions and can’t be bypassed. IT managers can use MDM and Knox Guard together to prevent malicious attempts to disable theft and loss protection. Knox Guard operates immediately, like an MDM, when the device is connected to a network. But it also delivers protections even if someone disables the network or removes the SIM. IT managers can define a Knox Guard policy that locks a mobile device that has been disconnected for a set number of days.


If a device is reported as lost or stolen, an IT admin can immediately issue the lock command from the Knox Guard portal. Knox Guard protects against malicious users disabling the lock by leveraging Samsung Knox hardware-backed security that prevents tampering and installation of unauthorized firmware. Knox Guard can even help recover lost or stolen devices by displaying customizable messages and options to contact the company via email or phone call, direct from the lock screen. And if a legitimate user needs to unlock their mobile device but doesn’t have a data network connection, Knox Guard’s two-step verification provides a secure way to confirm authorization by the IT administrator.


Knox Guard was originally developed for companies focused on protecting Samsung mobile devices as an asset — companies such as carriers and mobile virtual network operators (MVNOs), logistics and leasing/finance companies that want to control devices until they are fully paid for. For these companies, the primary requirement was to restrict the fraudulent use of devices. But Samsung has recently enhanced Knox Guard to add features needed by enterprises and even small businesses that want to protect their corporate mobile devices. There’s no minimum number of devices you need in order to use Knox Guard.


Enhanced lock and wipe capabilities

Knox Guard delivers enterprise-level protection in many different use cases. If people are being assigned smartphones for both business and personal use — also known as Corporate Owned, Personally Enabled (COPE) — Knox Guard mitigates risk from theft and loss of both the devices and their data by allowing IT managers to permanently lock the devices, restricting app use, calls, texts and more.


As part of shipping and transportation operations, for example, companies may need to provide their drivers with dedicated mobile devices that they can use as navigation aids, maintenance/mileage trackers and push-to-talk (PTT) communications devices to stay in touch with dispatchers. If one of those devices goes missing, Knox Guard can permanently lock the device, protect the data contained on it and — because the device is inaccessible and has no use — it immediately reduces theft motivation.


Knox Guard’s lock capabilities go beyond just “locked” or “unlocked.” IT managers have granular control over how and when a device is locked and can build policies to control locked device behavior. For example, IT managers can customize the lock screen message and set a default contact number or email. More advanced policies can include selected corporate or support apps on the lock screen that help users resolve issues. Policies can also include SIM control to restrict incoming or outgoing calls and messages, or define a designated phone number, such as the corporate help desk, as the only number that can call or be called.


For enterprises that want to protect their Samsung mobile devices and the data they hold, Knox Guard is an affordable, easy-to-use solution that protects your investment for less than a penny a day.


Learn more about how Samsung Knox Guard protects enterprise mobile devices and data against theft and tampering for less than a penny a day. And get more tips on how to better secure the personal and work data on your mobile phone in this free comprehensive guide.