Samsung's School of Hard "Knox"
Unless Samsung gets its ducks in a row with regard to enterprise support, they may find increasing resistance to the platform fromIT departments.
In its ongoing attempt to carve out a special area within the fractured Android ecosystem, Samsung has now redoubled its efforts to offer an enterprise-capable version of its smartphones and tablets. Samsung had begun that effort with its Samsung for Enterprise (SAFE) program that provided advanced Microsoft Exchange ActiveSync features, on-device AES 256-bit encryption, VPN connectivity, and support for leading mobile device management platforms. In February of this year they announced the followup initiative, Knox, and now nine months later we are starting to see the first devices incorporate Knox capability.
Knox, when fully implemented, will provide a secure, manageable container on the device and should put Samsung's implementation of Android in the same enterprise security category as BlackBerry and Apple; Knox will not be available on other (i.e. "Non-Samsung") Android devices.
In its basic design, Apple's iOS is a sandboxed operating system that prohibits passing data between applications; a number of MDM vendors have developed secure containers for it. BlackBerry supports its own secure container along with a fully integrated dual persona capability called Balance. That implementation allows a user to easily move between the personal side and the secure, encrypted enterprise container. In either case, data in the secure area is marked and cannot be forwarded to unsecure locations or personal email accounts.
However, Samsung appears to be having some difficulties in getting Knox out the door. According to InfoWorld's Galen Gruman, who has looked into Knox extensively, the list of Knox-compatible devices was initially limited to the Galaxy Note 3 "phablet," the 2014 model of the Galaxy Note 10.1 tablet, and the Galaxy S III and S 4 smartphones.
Actually, determining what devices support Knox now or at what point in the future is a job in itself. In responding to questions in a recent webinar hosted by Fiberlink, Samsung claimed the only two devices with out-of-the-box Knox support were the Note 3 and Note 10.1 2014 edition; the Galaxy S III and S 4 models would require an update that's not available as yet.
And don't try looking on Samsung's web site for a "definitive" list. I did a search under "Knox Compatible" and got a list of three different devices. When I checked the specs for each device I found it confirmed the Galaxy Note 10.1 2014 edition (Wi-Fi), Galaxy Tab 3 7.0 (Sprint) SMT217S, and Galaxy S4 Active (AT&T) SGH1537. I couldn't find Knox mentioned in the tech specs for the Galaxy Note 3 or Galaxy S III.
We do know that Samsung will be charging for Knox. According to the web site, the cost will be $3.60 per device per month or $43.20 for the year. The remote wipe and policy enforcement functions will depend on an MDM platform, and obviously there is a charge for that as well. Many of the major MDM vendors are identified as supporting Knox, including AirWatch, MobileIron, Fiberlink, Citrix, SAP, and Soti among others. You might notice many of those are running webinars with Samsung this month.
With its commanding market share in the Android space, Samsung does have the wherewithal to carve out a strong position with enterprise buyers; however, if this is the best they can do for a product launch, you have to wonder if it's worth the trouble. While strong in technical features, Samsung seems to be incapable of putting out a clear and consistent message about what they have or when you can get it. The company seems to be completely in the dark about what you need in the way of marketing support when selling to enterprise customers.
Interestingly, the same does not hold true of Samsung's consumer advertising, which has been hip, cheeky, and quite effective in establishing the brand as a strong Apple alternative--must be a different agency. Android's relentless march is continuing, but unless Samsung gets its ducks in a row with regard to enterprise support, they may find increasing resistance to the platform from the enterprise IT departments who will be responsible for supporting it.