Samsung KNOX: An Overview for Business Customers


CENTRIFY WHITE PAPER. SEPTEMBER 2013

Samsung KNOX: An Overview for Business Customers

Abstract

Samsung, the mobile device market leader, has introduced Samsung KNOX for its Android-based mobile platforms to satisfy the device management and security needs of business and government customers. This document provides a more detailed overview of the enterprise integration and management features in Samsung KNOX with a focus on its capabilities for Microsoft Active Directory integration, policy management, Enterprise Mobility Management and Single Sign-On.

Centrify Corporation
785 N. Mary, Suite 200
Sunnyvale, CA 94085
PHONE: +1 (408) 542-7500 (North America & Worldwide)
+44 (0) 1344 317950 (EMEA)
(+61) 1300 795 789 (APAC)
+55-11-9999-10156 (Latin America)
WEB: www.centrify.com

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Centrify Corporation. Centrify may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Centrify, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2013 Centrify Corporation. All rights reserved. Centrify, DirectAudit, DirectControl and DirectSecure are registered trademarks and DirectAuthorize and DirectManage are trademarks of Centrify Corporation in the United States and other countries. Other brand names used in this document are the trademarks or registered trademarks of their respective companies. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE II

Contents

Introduction
Samsung Android overview
What is Samsung KNOX?
Platform Security
Application Security
Government and High Security Features
Enterprise Mobility Management
Why IT organizations care about Enterprise Mobility Management
Microsoft Active Directory and Group Policy Management
Background on Centrify
Overview of Centrify's features in KNOX
Container management
Single Sign-On for mobile and web apps
Mobile Authentication Services (MAS) Software Development Kit (SDK)
Summary
Benefits for organizations and IT administrators
Benefits for mobile users
Benefits for developers
How to Contact Centrify

Introduction

Samsung, the mobile device market leader, has introduced Samsung KNOX for its Android-based mobile platforms to satisfy the device management and security needs of business and government customers. The purpose of this document is to provide a detailed overview of the enterprise integration and management features in Samsung KNOX with a focus on its capabilities for Microsoft Active Directory integration, policy management, Enterprise Mobility Management and Single Sign-On.

Readers are also encouraged to consult the following additional resources:

- Samsung: White Paper: An Overview of Samsung KNOX
- Samsung: Introducing Samsung KNOX
- Samsung: Samsung KNOX website
- Samsung: Samsung for Enterprise (SAFE) website
- Gartner: Strategies to Solve Challenges of BYOD in Enterprise
- Centrify: Centrify and Samsung Partnership website
- Centrify: "An Introduction to Samsung KNOX" YouTube video
- Centrify: An Overview of Samsung KNOX Active Directory-based Single Sign-On
- Centrify: All Things KNOX Resource Center

Samsung Android overview

Samsung has quickly grown in the mobile space to become the leading provider of smartphones and tablets. Much of this growth has been fueled by its adoption of Android as a major platform for its mobile device offerings. Android is a popular open source-based operating system that is under the governance of Google. Even though Android has only been publicly available since 2008, it has been widely adopted by manufacturers and mobile users. In fact, by most measures, Android is the leading mobile operating system. Samsung was one of the early adopters of Android technology and has become the leading provider of Android-based smartphones and tablets.

While Android has been popular with consumers, enterprise and government customers have been reluctant to endorse or deploy Android. This reluctance has been based on three major factors:

1. Since the Android operating system can be changed and the distribution of apps is not controlled by a single source, Android has been considered less secure and more prone to malware than other mobile platforms.
2. Most Android platforms do not have the enterprise features that business and government IT managers require and that are available on other mobile platforms, including centralized Enterprise Mobility Management, policy-based management, encryption and other key features.
3. Android does not have a way to segregate business data and apps from personal data and apps. This co-mingling of business and personal workspaces can lead to unprotected business data being leaked or compromised.

In fact, until recently, many IT managers felt that BlackBerry phones were the only options that addressed security requirements and enterprise needs. But this is changing. Samsung announced its SAFE (Samsung for Enterprise) program in 2012 to address some of these needs. Now, with the release of Samsung KNOX for supported Samsung Android-based mobile devices, Samsung and its partners go even further with state-of-the-art enterprise features and security enhancements that meet or exceed even the most stringent business and government needs. In addition, Samsung provides new technology to segregate users' business and personal lives, allowing one device to be used for both business and personal scenarios while ensuring optimal privacy and security.

What is Samsung KNOX?

Samsung KNOX is a new Android-based solution specifically designed to enhance security of the current open source Android platform. KNOX is not a product or a single feature; instead it is a suite of enhancements to certain Samsung Android devices designed to address the needs of government and enterprise IT managers as well as employees. It is important to note that while many of these features are unique to the Samsung KNOX platform, Samsung has maintained full compatibility with Android and the Google ecosystem so that existing Android applications will continue to work on Samsung KNOX devices.

Samsung starts with the latest Google Android mobile operating system platform and adds capabilities, or addresses shortcomings, in four key areas:

1. Platform Security: Ultra-secure operating system services.
2. Application Security: Enhanced application security and runtime features.
3. Government and High Security Features: Features for Defense and Government customers who must comply with enhanced security, data access and data handling standards.
4. Enterprise Mobility Management: Best-in-class enterprise device management.

By implementing these features, Samsung KNOX substantially enhances not only the Android user experience but also the security and manageability of the platform. The following section provides a brief overview of the core components of each of these sets of enhancements. For more detailed information on these features, please refer to the resources listed at the beginning of the document as well as information available on the All Things KNOX Resource Center.

Platform Security

At the hardware and operating system security level, Samsung KNOX provides powerful, unique platform security enhancements which prevent tampering with the device. These enhancements include:

- Customizable Secure Boot: Secure Boot is a procedure that prevents unauthorized operating systems and software from loading during the startup process. Firmware images that are cryptographically signed by known, trusted authorities are considered authorized firmware.
- Security Enhancements for Android: Security-Enhanced Linux (SE Linux) was invented by the NSA in 2000 and is a port of Linux that includes numerous security enhancements. Samsung R&D teams have worked very closely with the NSA to port and integrate this technology into Android.
- TrustZone-based Integrity Measurement Architecture: Samsung's TrustZone-based Integrity Measurement Architecture (TIMA) was developed as a unique feature on Samsung mobile devices. TIMA uses ARM TrustZone hardware and runs in a secure mode that cannot be disabled and provides continuous integrity monitoring of the Android kernel.

Application Security

Samsung KNOX also includes features to enhance security at the application layer. These features include:

- Application Containers: Samsung's container technology is one of the most innovative additions to Samsung KNOX. This is a virtual Android environment that runs on the device and includes its own home screen, launcher and application environment. Applications and data in the container are completely isolated from applications and data outside the container. This allows the user to securely run business applications in the container while still having the ability to run personal applications outside the container in the standard Android environment. Data stored in one environment cannot be accessed or shared with the other environment.
- On-device Data Encryption: This feature allows users and administrators to encrypt data on the entire device, as well as any configured Samsung KNOX Container. Encryption is often required by government and regulated industries such as healthcare and finance.
- Virtual Private Network Support: Samsung KNOX includes support for virtual private networking (VPN). A unique feature of this implementation is the ability to set up different VPNs for each application. This allows secure communications to corporate networks for business applications while consumer applications can continue to function outside the VPN structure.

Government and High Security Features

Taken together, these security enhancements enable a mobile platform that can meet the strictest requirements of government and security-conscious enterprise customers. In addition, the KNOX platform complies with a number of government and security standards. These features and standards include:

- Smartcard CAC support utilizing both software and hardware Public Key Infrastructure (PKI) certificates.
- FIPS 140-2 Level 1 certification for both data-at-rest (DAR) and data-in-transit (DIT).
- Compliance with the Defense Information Systems Agency (DISA) June 2012 version of the Security Requirements Guides (SRGs) specification.

Enterprise Mobility Management

The final set of features available with Samsung KNOX addresses securing and managing the device by leveraging enterprise systems management solutions that are already in use in large organizations. These features make it easier to centrally control the device and apply consistent policies across all KNOX devices in the enterprise. Many of these features also provide users with a better experience by allowing them to self-manage tasks such as changing enterprise passwords or employing a single set of credentials to access all enterprise applications (also known as Single Sign-On). The container can be centrally managed by a corporate administrator from within Microsoft Active Directory.

Before covering these important features, it is worth reviewing why organizations need these features and looking at the tools that are in use for managing users and other devices within the enterprise.

Why IT organizations care about Enterprise Mobility Management

One of the biggest challenges for IT administrators in a large enterprise is managing and securing a diverse range of computing devices. Over the last decade, solutions for managing personal computers have flourished and organizations can now centrally manage computers, deploy applications to these devices, impose policies on the use of the devices (including enforcing role-based policies) and manage access to the device through authentication and authorization tools. Most organizations have chosen to supply approved computers to their users which have already been set up with the necessary tools to manage the device centrally.

More recently, users are increasingly turning to small, mobile, instant-on devices such as smartphones and tablets instead of computers for daily computing tasks. Likewise, organizations are seeing the benefits of using mobile devices to empower workers who are on the go.

Yet, with these positive trends, there are a number of issues which challenge enterprise IT administrators, including:

- Users who own their own mobile devices want to bring them to work and use them in their jobs. This introduces potential security, application deployment and management challenges which need to be solved by IT staff with the involvement of the end user before these devices can be deployed.
- Thousands of different mobile devices with dozens of different operating systems are now available, each with their own challenges for deployment in enterprises. Therefore, many organizations only allow a limited number of known, tested devices to be used within the corporate network.
- IT managers want to be able to centrally control and remotely wipe devices, yet corporate device control becomes less feasible if these devices are owned by the end user and contain personal data in addition to corporate data.
- Mobile devices have the potential to carry sensitive enterprise data, yet with these devices always connected to the Internet, there is the potential for unintentional or even malicious disclosure of information to outside parties. In addition, if devices are not secured with a passcode, enterprise information could be disclosed if the device is borrowed, lost or stolen.
- With users loading their own applications and accessing remote sites on the Internet, there is a constant concern about the possibility of viruses or malware that could compromise corporate data.
- In addition, mobile devices that organizations want to use are often not the same ones that end users have or want to use.

To address these and other challenges, a number of vendors have emerged with non-integrated solutions for Enterprise Mobility Management. For organizations that have existing personal computers, especially Microsoft Windows-based computers, having a way to extend existing enterprise user and device management practices and solutions to mobile devices is highly desirable. With Samsung KNOX, these capabilities become a possibility on supported mobile devices.

Microsoft Active Directory and Group Policy Management

Organizations that have large numbers of Windows-based computers typically use Microsoft's server technologies as the underlying IT infrastructure for managing their users and devices. The foundation of Microsoft's infrastructure is Active Directory. Active Directory is essentially a database which stores information about users and devices and is wrapped in services that allow users and devices to join a secure corporate domain, authenticate users when they log in, store preferences and provide other administrative tasks. Active Directory acts as the base for many other management services such as certificate services, rights management, domain services and group policy.

Group Policy enables policy-based administration using Microsoft Active Directory. Group Policy uses directory services and security group membership to provide enforceable rules for users and devices that can be set by the administrator and applied across the corporate network. Policy settings are created using the Microsoft Management Console (MMC) snap-in for Group Policy and can be applied to resources based on rules, membership, roles or globally to all devices and users.

While Active Directory, Group Policy and other Microsoft server-based technologies have been traditionally used to manage Windows-based resources, the services are extensible, thereby allowing companies like Centrify Corporation to create solutions for joining non-Microsoft devices, such as Apple Macs, Linux computers and UNIX servers, to an Active Directory-based corporate IT infrastructure. More recently, Centrify has created solutions to enable mobile devices to join and be managed by the Active Directory system. Samsung has licensed this technology and includes it in its KNOX offerings.

Given that Active Directory is used by a majority of enterprises, these capabilities significantly enhance the ability of enterprises to extend device and user management, authentication, and policy-based management to all KNOX-enabled devices. Administrators benefit by being able to centrally manage users and devices from a single console, including the ability to allow or deny user access to corporate computing resources. Users benefit by having a consistent experience and a single set of login credentials for all resources managed by the enterprise.

Background on Centrify

Centrify provides Unified Identity Services across data center, cloud and mobile, resulting in one single login for users and one unified identity infrastructure for IT. Centrify's software and cloud services let organizations securely leverage their existing identity infrastructure to centrally manage authentication, access control, privilege management, policy enforcement and compliance across on-premise and cloud resources. More than 5000 customers have deployed Centrify across millions of computers, applications and mobile devices to increase agility and security. With Centrify, organizations are reducing the costs associated with identity lifecycle management and compliance by over 50%. Since releasing its initial product in 2005, Centrify has expanded its portfolio from one product to a suite of software and cloud services that span data center, cloud and mobile environments with comprehensive support for over 450 systems and 1,500+ applications.

Overview of Centrify's features in KNOX

Centrify technology has been licensed by Samsung to enhance KNOX in three core areas of the platform: Active Directory-based mobile container management, Single Sign-On (or the more aptly named "Zero Sign-On") for enterprise apps, and a software development kit for software vendors and organizations who want to extend Zero Sign-On to their own applications.

Container management

As mentioned earlier, Samsung has developed container technology which allows administrators to create a secure and distinct business environment on any KNOX-enabled mobile device. Only approved applications can run in this environment and data associated with these applications can only be accessed from within the container.

Once a container is created on a Samsung KNOX device, it can be secured through Centrify's integration services which tie back to Active Directory. This means that the container can join the Active Directory domain and appear as a managed device within the Active Directory corporate infrastructure. Administrators have full control over the container and can control user access to the container's apps and data. The administrator can also deploy and manage applications that are secured within the container. This gives users the freedom to carry one device for both work and play via a seamless and intuitive dual persona experience. Both personal and business data are kept segregated and private.

Active Directory-based authentication and mobile device / container management

Active Directory is deployed to manage users within an organization and for authenticating users when they log in to a device. The user's profile, as well as group memberships, is stored in Active Directory, which can be used to control access to different IT resources. For example, if Mary Smith just joined your organization's sales team, the IT administrator would add her to Active Directory, set up her profile information and provide her with a login password. The administrator would also add her to various sales-related security and distribution groups which would allow her to securely access the sales resources of the organization. In addition, computers that Mary uses at work could be joined to Active Directory, ensuring that her devices are authenticated on the corporate network and are managed based on the organization's IT policies.

With Samsung KNOX, Centrify extends Active Directory to Android-based containers. This means that the container is joined and secured through Active Directory. This benefits administrators since they can centrally control all of their users' devices from a single console. If a user leaves an organization, administrators can not only turn off access to the corporate container on the KNOX device, they can also delete the container and remove all corporate applications and data. All this happens without impacting the user's personal applications and data that reside outside the corporate container.

Group Policy-based management

In addition to creating and removing containers, administrators also have access to fine-grained management of the KNOX device using Group Policy. As mentioned earlier, Group Policy works within the Active Directory infrastructure to allow managers to create IT policies such as password complexity requirements and have those policies enforced throughout the enterprise. Most IT administrators use Group Policy to manage their computers within the corporate network.

Now with Centrify's technology in KNOX, administrators can manage KNOX containers, control access to containers and enforce corporate or mobile-specific policies within containers. All this happens from within the standard Group Policy console, which means administrators do not have to install different costly tools or learn different techniques for managing their mobile devices. For example, the administrator can view all end-user devices and drill down to see specific details related to the end user's KNOX device. Policies such as allowing VPN or Wi-Fi access or configuring a firewall can also be pushed to the mobile device. Or the administrator can send a command to the KNOX device to create a secure corporate container and pre-populate that container with approved corporate applications or set up an email account. Policies can also be related to roles. For example, a policy could be set up to grant all sales employees access to the corporate sales portal. There are over 470 policies that can be used with KNOX which leverage over a thousand management APIs.

Single Sign-On for mobile and web apps

Single Sign-On is a concept that allows users to log in to the corporate network one time and from there have full access to approved corporate resources, applications and data without having to re-enter their credentials for each action. By extending applications using standards-based SAML and Kerberos technology, secure tokens can be used across a wide range of popular business applications. For example, a user could log in to his or her computer using his or her Active Directory username and password and then be able to launch local and web-based applications by just clicking on an icon without having to enter credentials for each application. Access to these applications is managed centrally, meaning that access can be turned on or off for each user or groups of users from a central administrative console.

Another benefit of Single Sign-On is that instead of users having to remember complex conforming passwords for each site or application, authentication is handled by the Single Sign-On system. In addition, users will be less tempted to use insecure passwords or the same password across multiple sessions.

Centrify has taken these concepts and extended them to Samsung KNOX and beyond. Now, administrators can set up a worker's environment for both web applications and native mobile apps on supported mobile devices. This includes setting up access and the Single Sign-On attributes for each application. Applications could include native apps such as Box or web-based SaaS (Software as a Service) applications such as Salesforce.com. These applications are then run from within the user's secure KNOX container on his or her KNOX device.

In addition, Centrify provides a secure web-based user portal for running SaaS applications from any device that has a web browser. Administrators can also manage access from a browser-based console. Both these classes of web-based applications connect to authentication and access services through the Centrify Cloud Service and the Centrify Proxy Server, which interfaces with the organization's Active Directory infrastructure.

Once users provide their password to access the container on their KNOX devices, they are taken to a Zero Sign-On experience and given direct access to their applications. Administrators benefit by having central control over IT apps and data, while users benefit by having a simple, seamless experience moving from one app to the next without having to remember and enter complex passwords for each action.

Mobile Authentication Services (MAS) Software Development Kit (SDK)

In order to extend Single Sign-On capabilities to as many developers as possible, Centrify has built the Mobile Authentication Services (MAS) Software Development Kit (SDK), which is available from both Centrify and Samsung. This SDK includes the tools and libraries to allow corporate and ISV Android app developers to add Single Sign-On capabilities to their own mobile apps. In addition, developers have access to hundreds of KNOX and SAFE APIs which enable better security and management functionality for mobile applications. ISVs such as Box and Onvelop are part of a growing list of ecosystem partners which have used this SDK to enable Single Sign-On for their apps running on KNOX devices.

Summary

In summary, Samsung and Centrify have delivered a powerful set of solutions for extending enterprise mobile management and Single Sign-On to Samsung KNOX devices.

Benefits for organizations and IT administrators

With Centrify's contributions to Samsung KNOX, organizations and administrators can leverage their existing Active Directory infrastructure and skills and easily and safely add Samsung KNOX devices into their enterprise. With the enhanced security features of KNOX, organizations can allow users to bring their own KNOX-capable devices to work, yet have full control over sensitive corporate data, applications and network access. Additional benefits include:

- Central device and policy management of devices, applications, data and users.
- Standardization on a range of popular Samsung devices which can be supplied at work or brought to work by the user.
- Unified mobile device security and app management, including support for all SAFE v4 and KNOX controls.
- Rapid deployment of Cloud-based services.
- Automated role-based mobile application management.
- Compatibility with existing Enterprise Mobility Management products.
- Remote administration or removal of corporate data and applications even for Samsung devices owned by users.
- Creation of a secure corporate container for data and applications which is isolated from potential malware that might infect non-business applications.
- Limiting container applications to a pre-approved set and automatically deploying the applications to users' devices.
- Prevention of corporate data from being shared with non-authorized applications.
- Elimination of the need for complex or insecure passwords for corporate applications through SAML-based authentication.
- Workforce productivity: users gain true multi-application Zero Sign-On when accessing apps from a Samsung KNOX device.

Benefits for mobile users

Users get the assurance that their personal data remains segregated on their devices while having the convenience of one-click access to their business applications, not only from the KNOX container, but from an easy-to-use web portal as well. Other benefits include:

- Safe enablement of workers' personal Samsung devices when used in the workplace.
- Separation of users' personal and business lives and data.
- User access to a portal for device and app management and location services.
- Self-service management of passwords, passcode reset, device lock and wipe and other functions.
- Multi-app Zero Sign-On for thousands of rich mobile apps and web apps in the KNOX container.

Benefits for developers

Both corporate and commercial application developers now have an easy way to add secure Single Sign-On features to their own Android-based applications. This makes their applications easier to use within a secure corporate environment, since users don't need to remember complex passwords every time they use the application, and easier to administer. Additional benefits include:

- Centrify providing the backend authentication services for the Single Sign-On environment, which means app developers don't need to develop these services themselves.
- Developer expansion into the enterprise by providing Single Sign-On applications on devices made by the largest supplier of mobile devices.

By enabling Active Directory-based centralized user and container management and Single Sign-On for enterprise mobile and web applications, both enterprise administrators and users gain essential capabilities and benefits that are unique to the Samsung KNOX platform. With Samsung KNOX, IT obtains the security and control they require and employees get the privacy they expect for their personal data.

For more information on Samsung KNOX visit the All Things KNOX Resource Center at: www.allthingsknox.com.

How to Contact Centrify

Worldwide Headquarters
Centrify Corporation
785 N. Mary, Suite 200
Sunnyvale, CA 94085
United States

Product & Sales Information
North America: +1 (408) 542-7500
EMEA: +44 (0) 1344 317950
APAC: +61 1300 795 789
Latin America: +55-11-9999-10156

Phone: +1 (408) 542-7500
Online: www.centrify.com/contact

2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED.