GOVERNMENT-GRADE SECURITY


On-Device Encryption

Keep your data safer from unwanted eyes. On-device encryption is one of the many ways that Knox Workspace better secures your data.

How it works

Devices can be remotely encrypted or set to be automatically encrypted. When you lock Knox Workspace, the container automatically encrypts all data inside, both on the device’s internal storage and on an external SD Card. But when you unlock the container with your Knox password, all data is decrypted.

Security

Knox Workspace uses a 256-bit AES cipher algorithm to encrypt data on the device. Knox Workspace meets the requirements for FIPS 140-2 Level 1 certification. Experience more ways to protect data by enabling policies on a MDM console.

Additional resources


Per-app VPN

Use VPN to ensure that your data-in-transit is more secure and that network traffic is not congested with data from personal apps.

How it works

Knox Workspace offers 3 VPN options to better secure your data-in-transit. Device-wide VPN can be configured by the device user, provided they have the appropriate server name and other information. Per-app VPN and container-wide VPN can be created by IT Admins from the MDM console. From the MDM console, you can create up to 5 different VPN profiles and associate apps to each, allowing you to create and manage per-app VPN.

Security

VPN is the more secure way to protect your data-in-transit. The Knox VPN client will work with your existing VPN gateway to better secure your data. Knox VPN is FIPS mode configurable through your MDM console. Security features include NSA Suite B algorithms, X.509 support with OCSP-based certificate checking, and AES 256 bit encryption. If you company uses SmartCards, they can be configured with VPN login credentials.

Additional resources


Single Sign-On

Multiple logins for apps can be a hassle to manage and to monitor. Single Sign-On lets your employees use one company login to access all apps in Knox Workspace.

How it works

Knox SSO is used to login to multiple apps with one set of credentials. Our SSO can be configured to leverage a company’s existing Microsoft Active Directory to authenticate employees.

Security

You can configure and set password policies to meet minimum security requirements for all SSO enabled Knox apps and services. SSO does not include the password needed to enter the Knox container, this is a separate authentication than apps.

Additional resources