Will Knox tip government buyers toward Android?
On a global basis, Android devices far outsell those that use other operating systems. But it’s been a much different story in government, where Apple has become a preferred mobile device supplier in many cases and where Blackberry still has a strong presence.
The situation is caused mainly by perceptions that Android security is suspect. But that may finally be changing, based on work by Samsung, the leading smartphone supplier. Its Knox containerization technology, under development for four years, seems to be gaining traction across the federal, state and local markets.
Now government pilot projects are being launched and, according to Samsung, attracting potential users who are coming to see how they can use the technology.
“We have numerous examples of where agencies are willing to enter into those initial presentation pilots,” said Johnny Overcast, director of government sales for Samsung Mobile. “We’ve been working with major executive branch agencies in particular for some time, and there have already been significant purchases of Samsung Knox.”
The Defense Department was one of the first to get on board with Android, and Samsung in particular. In May 2013, the Defense Information Systems Agency announced Security Technical Implementation Guides (STIGs) for mobile devices aimed at getting the technology into the hands of military users as quickly as possible. The STIGs describe the security policy and configuration requirements for government-issued devices, including those that use Samsung Knox.
More recently, the Army announced it would use Samsung Galaxy Note II smartphones as the end user device in its Nett Warrior program, whose goal is to give front-line soldiers advanced situational awareness capabilities.
In March, the DOD approved the Samsung Knox Hypervisor virtualization technology and Authority to Operate on sensitive networks.
The departments of Justice and Homeland Security have also bought into the Knox hardened approach for Android, along with various three-letter intelligence agencies.
To some extent, Samsung Knox closes a circle, since it uses the Security Enhanced (SE) Android specification developed by the National Security Agency, which prevents any user without proper permission from getting access to the secure container. It also extended the use of the NSA’s SELinux into the Android operating system. An even further closing will happen when Google integrates elements of Samsung Knox into Android L, a next-generation version of the operating system that had its beta release in June.
Samsung Knox adds to the secure capabilities that Android already has, Overcast pointed out. Vanilla Android, an install of Android without customization, already offers discretionary user access control, and the Knox platform adds such things as a trusted boot process.
That trusted boot uses Trust Zone Integrity Management Architecture to continually scan the hardware, applying a mathematical check to make sure that what’s being loaded onto the device is authorized.
With the technical basis for Samsung Knox increasingly accepted by users, Overcast said the company is focusing on broadening the choices those users will have. It now provides for multiple user domains on a device, for example, and the ability for users to choose what kind of container technology they have. With Knox’s new multiuser framework, administrators can also select what permissions and applications can be used with specific containers.
This is all in preparation for what Overcast said he sees as a tipping point in the government mobile markets, when agencies get beyond fundamental questions about security and instead look to the kinds of devices that will help them best execute their missions and provide better services to citizens.
And that, he said, is not too far into the future.
Posted by Brian Robinson on Aug 15, 2014 at 11:07 AM