Maio 16, 2022

Enhancing data separation with Android and Samsung Knox

Valentine Igbokwe

samsung s22 ultra

Android smartphones and tablets have always been ahead of the curve when it comes to using the same device for both work and personal functions. It’s far easier to just carry one device (as opposed to both a work, and personal one), and Android developers have long provided a secure way to partition a single device to maintain privacy and keep enterprise data safe.

 Android’s work/home model has changed over time, both as device capabilities have increased and as Android’s active user community has refined its view of what features are needed. With Android 11 and 12, “Work Profile” is the latest idea in how to separate home and work on the same device.


Using ‘Work Profile’ on Android

"Work Profile” provides a full separation between the work side of the device and the personal side. In general, when a work profile is created and linked to an enterprise mobile device management (MDM/EMM/UEM) tool, the company has full and complete control over what’s inside of the work profile — but cannot touch anything on the personal side. Exactly how this works varies, depending on who owns the smartphone or tablet. If it’s an employee-owned device, what we call a BYOD (Bring Your Own Device) configuration, then the organization can only see data and control settings within the Work Profile part of the device. However, if it’s an organization-owned device, what we call a COPE (Company Owned, Personally Enabled) configuration, the organization has considerably more control over the non-Work Profile part of the device.

Both the BYOD and COPE configurations allow the end user to have a true dual-use device: one with a private and isolated work space and a separate private personal space, and some technological guarantees that the company can’t invade the personal space. However, not every organization is compatible with BYOD or COPE models — sometimes it’s just too risky to go for the dual-use case because of the type of organization, the sensitivity of the data or the regulatory environment.

For these types of organizations that don’t want private use of the company smartphone, the standard Android answer is to go for a “COBO” configuration: Company Owned, Business Only. With COBO, the device isn’t partitioned; it’s fully dedicated to company applications and the organization’s MDM/EMM/UEM has full control of every part of the device.


Managing untrusted apps

But there’s still another issue: what about work applications that are not really trusted? Let’s look at a healthcare organization which has super-strict privacy requirements for patient data. Employees will want to take their company smartphone during a business trip, and they might need to use the Delta Airlines app, the Intercontinental hotels app, and the Uber ride sharing app, all as part of their official travel. Those are work applications, but that doesn’t mean that the healthcare organization can really trust the apps or the app developers, and they may not want those apps on their company-owned smartphone. With standard Android, the only option is to ask the user to bring in a second smartphone.

Or, our healthcare organization could choose Samsung smartphones, and take advantage of Separated Apps, a Samsung-exclusive feature. With Separated Apps, the IT team can select applications that are allowed to be installed on company-owned business-only phones, but place those third-party apps into a sandboxed folder. The apps cannot see any confidential work data or communicate to other work apps outside the sandbox. These aren’t private — the company MDM/EMM/UEM has full visibility and control of these applications and the data in them. But they are separated from the rest of the operating system, delivering a user experience somewhere between the COBO (business only) and COPE (personally enabled) styles.

Separated Apps are automatically available in all major MDM/EMM/UEM tools thanks to the Knox Service Plugin (KSP), a part of Samsung Knox Platform for Enterprise. KSP is Samsung’s OEMConfig plugin that delivers constantly updated device-specific configuration and control without requiring the MDM/EMM/UEM vendor to make any changes to their product. Knox Platform for Enterprises licenses are available to all customers without charge.

This potent combination of Android’s standard separation modes, combined with the extra capabilities of Knox Platform for Enterprise provides IT managers with the tools they need to address virtually every mobile usage policy. All that’s left for you to do is decide exactly what’s right for your team, and to implement everything accordingly.

Browse Samsung’s versatile range of business devices built on the Samsung Knox security and management platform.


[Icon] fechar

Comece a usar o Samsung Knox

[Icon] mala
Você é revendedor, provedor de soluções ou provedor de serviços?

Torne-se um parceiro Knox e comece a expandir seus negócios hoje.

[Icon] informações

Selecione um produto Knox para começar:

Pacote completo
Knox Suite
Reformulação da marca e personalização
Knox Configure
Proteção contra fraude e roubo
Knox Guard
Plano de proteção do dispositivo
Samsung Care+ for Business
Outros produtos e serviços

Comece a usar o

[Image] Knox Suite

Pacote de solução multifuncional para mobilidade empresarial.

  • Obtenha uma avaliação gratuita de 90 dias para até 30 dispositivos.
  • Um conjunto completo de ferramentas para proteger, implantar, gerenciar e analisar seus dispositivos corporativos.
  • Experimente os recursos poderosos fornecidos com o Knox Suite.

O Knox Suite inclui:

Knox Mobile Enrollment Gratuito
Knox Manage
Knox Asset Intelligence
Knox Platform for Enterprise Gratuito
Knox Remote Support
Knox Capture
Knox Authentication Manager

Comece a usar o

[Image] Logotipo do Knox Configure

Reformule e personalize seus dispositivos Samsung.

  • Obtenha uma avaliação gratuita de 90 dias para até 30 dispositivos.
  • Configure remotamente dispositivos Samsung em massa e adapte-os às necessidades específicas, imediatamente.
  • Configure seus dispositivos para implantação única ou atualize-os quantas vezes quiser.

Comece a usar o

[Icon] Logotipo do Knox Guard

Proteção contra fraude e roubo para dispositivos Samsung.

  • Obtenha uma avaliação gratuita de 90 dias para até 30 dispositivos.
  • Reduza os riscos financeiros e proteja os ativos por meio do controle remoto dos dispositivos Samsung.
  • Experimente todos os recursos do Knox Guard, inclusive controle do SIM e bloqueio de dispositivo.

Comece a usar o

[Image] Logotipo do Samsung Care Plus for Business

Planos de proteção para seus dispositivos Samsung.

  • Limite as interrupções dos negócios com trocas e reparos rápidos de dispositivo. Entre em contato com a equipe de vendas da Samsung para começar.
  • Veja todas as informações sobre reivindicações e cobertura do dispositivo em um só lugar.
  • Já adquiriu o Samsung Care+ for Business? Crie uma conta e acesse seu plano no console do Samsung Care+ for Business.

Outros produtos e serviços

[Image] Outros logotipos

Soluções modernas para atender às suas necessidades exclusivas.