Can Samsung Make Enterprises Feel SAFE?

Mobile devices are in the enterprise to stay, but how to manage them is an unresolved problem. IT management is concerned about a lot more than network access, too. There is the data on the devices; their applications as possible vectors for attacks on corporate resources; and the inescapable fact that mobile devices containing confidential information are easy to lose.

Add in operational issues--how do mobile devices integrate with corporate email systems, connect securely over company VPNs, and integrate into the existing business workflow--and it's easy to see why IT takes a jaundiced view. Samsung hopes to provide relief with SAFE (Samsung Approved For Enterprise) smartphones and tablets.

Samsung is working with hardware and software vendors to provide support for both mobile device management and common corporate VPNs. Vendors can pick and choose and offer their own customized management capabilities; the options we list here come from Samsung and some of the partners who have released details about how they will be supporting SAFE.

SAFE-certified devices can be encrypted (only with Android 3.x and 4.x) and have Samsung-specific extensions to the included email, contacts, and calendaring applications. Of course, integration with mobile device management systems is the primary attraction for control-obsessed IT departments. Samsung gives IT the ability to deploy management systems that fit a very familiar desktop management model. SAFE brings a laundry list of management capabilities to certified devices. Hardware control, for instance, includes the ability to enable or disable the following features:

• camera,
• Bluetooth,
• tethering,
• USB storage,
• access to internal and external SD cards; and
• Wi-Fi.

The level of control can go beyond simple on/off functionality. For example, devices can be configured to force a Wi-Fi connection whenever an approved connection is available, and prevent users from modifying the centrally applied Wi-Fi settings.

IT also can silently update, install or uninstall applications. It also can:

• control users' access to application stores,
• limit the use of--and not just turn off--specific apps, such as Web browsers,
• disable cut and paste,
• track the versions of installed apps,
• blacklist applications, and
• automatically remove non-approved applications.

The list goes on. Controls can allow only specified versions of applications to be installed, prevent applications from updating, and even prevent carrier-pushed over-the-air updates of the phone operating system. In controlling email apps, the system can provide:

• remote Exchange ActiveSync Configuration,
• remote configuration of POP3/IMAP accounts,
• enforced signatures, and
• set sync intervals.

Primarily, the goal here seems to be to create a fully mobile Exchange client that has the functionality that the user would expect with their desktop Outlook interface. Samsung outlines a number of user capabilities with the SAFE-enhanced Exchange connectivity. Users can:

• access a global address list,
• create and respond to meeting requests,
• use the Out-of-Office Assistant, assign e-mail priority status, and use follow-up flags,
• sort emails by conversation view and other filters,
• view, edit and create Microsoft-compatible documents, spreadsheets, and presentations, and
• view reply status.

And, of course, there are the basics of device security. These features should warm the hearts of IT:

• device encryption,
• lock and wipe capabilities,
• complex passwords,
• password aging, and
• login attempt management.

Connectivity is also addressed, adding explicit VPN options to fit corporate models, including IPSec, PPTp, L2TP, and Certificate Authority support.

This is only a partial list of the capabilities that are being provided with SAFE-certified hardware by Samsung's partners. Currently that partner list includes Cisco, Juniper Networks, MobleIron, Sybase Afaria, F5, SOTI MobiControl, and others not included in the initial announcement. Currently the only SAFE-certified devices from Samsung are the Galaxy Note smartphone and the Galaxy Tab 7.7 tablet. Only the Tab has a version of Android--Android 3.2 (Honeycomb)--that allows it to support SAFE on-device encryption.