Samsung comes at BlackBerry’s security crown -- and will not miss

The Galaxy series will take greater advantage of Knox technology at the hardware level, even if you use Android for Work

Kim Traynor

The BlackBerry is all but dead, with the company having abandoned its own operating system in favor of an older version of Android. Even if BlackBerry keeps investing in deep Android security integration, as it has done in the BlackBerry Priv, it's clear BlackBerry's limited resources will keep it lagging the pace of change in mobile.

That's been a major concern for high-security businesses, which really depend on the all-stack security model BlackBerry has long delivered, interlocking the hardware and OS to ensure tampering is detected and thwarted.

Samsung wants to fill that vacuum, and later this year it'll take a significant step to do so. The company has been moving in this direction for several years, through its Knox efforts. The first version of Knox wasn't all it was cracked up to be, but the company has made significant progress since then and has been rewarded with a growing clientele in the defense and financial sectors.

Samsung's variant of Android 6.0 Marshmallow will debut in the new Galaxy S7 lineup and be available, along with the required Marshmallow upgrades, for the older Galaxy Note 5 and Galaxy S6 lineups, as well as for its premium Galaxy Tab S tablet series. 

All versions of Knox already tie the Samsung hardware to the security system running on the device -- at a layer below the operating system. As the developer of both the hardware and security system, Samsung has the same advantage that BlackBerry has long enjoyed in such integration. (Apple's iOS devices also have vertically integrated security, but Apple severely restricts access to that stack, so government agencies and others can't customize it in the way that Samsung allows.)

On flagship devices such as the Galaxy S7, the new Knox-enabled hardware integration in Samsung's Marshmallow version will also support Android for Work, Google's managed-container technology, which debuted a year ago. Thus, companies that standardize on the recent Samsung mobile devices can choose either Android for Work or Knox as their security systems -- or both.

Other manufacturers' devices that run Android for Work won't get that hardware integration, of course, but IT would have a common console for all devices. The approach would work well for a company that issues Samsung devices for high-security users and lets other users choose their own Android device.

Samsung's security efforts go beyond supporting Android for Work. The new Galaxy S7 and S7 Edge smartphones bring back the SD card removed a year ago in the S6 lineup, a decision that had dismayed many users. Samsung smartly put the SD card in the same tray that holds the SIM card, minimizing the structural work needed within the phone bezel and the number of holes in the device.

Users can enable or disable encryption on the cards, and IT can force the SD card to be encrypted using standard mobile management policies. That's par for the course these days.

Where Samsung goes a step further is in its support for layered encryption for the SD card. Samsung has APIs that let companies develop finer-grained control of card encryption, such as allowing IT access to wipe it while only letting the authorized user -- or even specific apps -- work on the contents.

Whether the encryption is all-or-nothing or layered, the SD card itself can only be decrypted on the device where it was encrypted, so encrypted SD cards cannot be swapped with other devices, including computers, for content sharing. And there is no backdoor for decryption by others, Samsung notes. Apple uses the same approach to keep users' encrypted contents fully secured.

That layered approach to SD card encryption should appeal to security-conscious organizations that have long favored the BlackBerry. But they'll need to do custom development to use that layering -- so far no commercial tools are available. Maybe one of the mobile management vendors will get into this action.

Mobile devices are very secure; too many IT organizations have unjustified fears around mobile security -- but there is a class of user that needs more than the very good security that Apple's iOS and the latest versions of Google's Android provide. For them, Samsung increasingly looks like the new gold standard to replace BlackBerry.

Copyright © 2016 IDG Communications, Inc.
