July 17, 2024

Boosting the security and productivity of Knox Remote Support: Introducing Role-Based Access Control

Samsung Knox Team
 Top Image

All IT admins, no matter the size of their organization, are managing multiple devices. This extends beyond making sure the devices are working. IT admins manage the security of the company, keeping employees from accessing dangerous or prohibited apps or websites on their company devices.

With so many constantly moving parts, human error is inevitable – even the most efficient IT admins let things slip through the cracks. It’s imperative that IT admins have the right solutions that help them get their jobs done while minimizing the room for error.

At Samsung, we take pride in providing the best solutions through Knox Suite. We’re constantly looking for new ways to make it easier for IT admins to do their jobs well.

We’re excited to announce that, as of this latest release, Knox Remote Support  has adopted Role-Based Access Control, so IT admins can now set different access permissions each role separately.

Let’s talk about how this new feature boosts security and productivity.

 

The importance of Role-Based Access Control

Role-Based Access Control, or RBAC for short, is critical when it comes to maintaining operations and strengthening security. Simply put, RBAC gives IT admins the ability to assign permissions to users based on their role within the organization. Introducing RBAC to B2B solution is crucial since most industries have regulations and standards on data protection and access control. With RBAC, it’s easier to comply with strict privacy requirements.

How exactly does RBAC help?

Enhances security

RBAC follows the Principle of Least Privilege, or PoLP, an information security concept centered around the idea that users should only have access to what they need to complete their daily tasks or workflows. PoLP is a fundamental aspect of the zero-trust networking security model.

Read more about how Samsung is strengthening mobile security through Zero Trust Collaboration.

Limiting access only to what’s necessary is a great way to minimize unnecessary threats and reduce the costs that come from data breaches. With the help of RBAC, IT admins can incorporate PoLP into their security systems, eliminating their need to worry about their company’s overall network architecture or protocols. They can easily grant users only the permissions they need to perform their tasks at hand.

Simplifies management

Introducing RBAC lets IT admins assign the necessary permissions to employees based on their roles. They can assign and modify permissions collectively, too, depending on the roles of specific user groups. This new functionality makes it easier to respond quickly if certain permissions need to be reassigned, or to onboard new employees with the correct permissions to get them started.

RBAC simplifies an IT admin’s day-to-day tasks, and helps them work more efficiently.

IT admins can utilize Knox Remote Support to remotely control a user’s device. Due to the inherent security risks associated with this capability, implementing RBAC for this solution is crucial. Mobile devices often store sensitive corporate data along with the device user’s personal information. By leveraging RBAC, IT admins can restrict remote control access to authorized individuals, mitigating potential threats to the organization’s security.

The different permissions in Knox Remote Support

Let’s take a quick look at the different permissions super admins can grant to other admins.

 

With the introduction of RBAC in KRS, super admins can grant sub admins to the permission to:

  1.  Modify and delete devices from the Devices menu.
  2.  Initiate their own support sessions with user consent.
    • For fully-managed devices, super admins can even grant sub admins the permission to forcefully initiate sessions that ignore the need for a user’s consent.
    • Super admins have the option not to grant any permissions at all, especially if they can’t launch Knox Remote Support.
  3.  Control devices during remote support sessions.
    • Super admins can configure even more granular permissions, like allowing them to simply observe through the Knox Remote Support Viewer while the device user controls the device, or limiting their actions to taking screenshots, recording devices, or transferring files. IT admins can also control device user’s screens remotely, including the hardware keys and the navigation bar.

To help you envision how this works, picture yourself trying to set up roles and permissions for a third-party support member. You can restrict that specific team member from remotely accessing an employee’s device without the employee’s consent, and add an extra limitation that they’re only allowed to observe devices using the Knox Remote Support Viewer.

Now that RBAC is available on Knox Remote Support with this latest release, we highly encourage customers to try it out and experience all the benefits for themselves!