This guidance was developed following testing performed on a Samsung Galaxy S5 device and is applicable to Samsung KNOX Workspace enabled devices running Android 5.0 and higher with KNOX 2.4 and higher.

The KNOX Workspace enabled devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as accessing OFFICIAL email, reviewing and commenting on OFFICIAL documents, and accessing the internet and other web resources. The KNOX Workspace provides additional security features over the underlying Android platform. Users can store all or some of their enterprise data in the KNOX Workspace container, providing enhanced protection.

To support these scenarios, the following architectural choices are recommended:

- For users working primarily with sensitive data, the majority of their work will be within the KNOX Workspace container. The Android platform outside the KNOX Workspace container is used for non-sensitive work. Users who only access sensitive data occasionally can use the KNOX Workspace container when they are required to work with that sensitive data, doing the non-sensitive majority of their work outside the container.
- All data-in-transit to and from the device should be routed over a secure enterprise VPN to ensure the confidentiality and integrity of the traffic, and to allow the devices and data on them to be protected by enterprise protective monitoring solutions.
- Arbitrary third-party application installation by users is not permitted on the device. An enterprise application catalogue should be used to whitelist and distribute approved applications to devices.
- Enterprise applications and data should be kept within the KNOX Workspace container where possible. Unnecessary applications outside the container should be removed or managed using an appropriate whitelist.

Samsung KNOX Workspace enabled devices were assessed against each of the 12 security recommendations. The results of the assessment are shown in the table below. Explanatory text indicates that there is something related to that recommendation that the risk owners should be aware of. Rows marked represent a more significant risk. See How the platform can best satisfy the security recommendations for more details about how each of the security recommendations is met.

The KNOX-compatible VPN has not been independently assured to Foundation Grade.

5. Platform integrity and application sandboxing

7. Malicious code detection and prevention

The following significant risks have been identified:

- The KNOX compatible VPN has not been independently assured to Foundation Grade. Without assurance of the VPN, there is a risk that data transiting from the device could be compromised.

3. How the platform can best satisfy the security recommendations

This section details the platform security mechanisms that best address each of the security recommendations.

Use a compatible KNOX VPN client until a Foundation Grade VPN client for this platform becomes available. VPN authentication should be certificate-based. To route all data via the VPN, the ‘Per-App’ VPN should be configured for all applications on the device, both inside and outside the KNOX Workspace container. Using the per-app VPN in this configuration ensures that traffic from all applications is routed through the VPN. Applications will not have internet access until the VPN has connected. Organisations may wish to set up two VPN profiles, one for all applications on the device, and a second for all applications within the KNOX Workspace container. This setup would allow traffic from less-trusted applications to be separated from the applications in the KNOX Workspace container that handle OFFICIAL material.

The KNOX Workspace container is encrypted by default, so applications and data relating to OFFICIAL material should be kept within it. Outside the KNOX Workspace use the device’s native data encryption. The KNOX native email client has been enabled to use the Sensitive Data Protection (SDP) feature and applications can take advantage of the SDP-protected “Chamber” folder to protect data while locked as well as when the device is turned off. Only the Galaxy S6 and S6 Edge devices have Foundation-grade approval of their encryption.

3.3 Authentication

Devise a scheme which requires a strong password to access sensitive data.

- a numeric PIN to access the device, then a strong password to access the KNOX Workspace container.
- a strong password to access the device, then a shorter password or token to access the KNOX Workspace container.