Samsung Knox Security Beats iOS, Android, Gartner Finds

Gartner compared 12 different platforms to find the strongest ones. The research firm also advised avoiding older mobile devices, which may have unfixed vulnerabilities or may lack management controls.

Thomas Claburn, Editor at Large, Enterprise Mobility

April 18, 2016

3 Min Read
<p style="text-align:left">(Image: Samsung)</p>

iPad Pro 9.7 May Be Apple's Best Tablet Yet

iPad Pro 9.7 May Be Apple's Best Tablet Yet


iPad Pro 9.7 May Be Apple's Best Tablet Yet(Click image for larger view and slideshow.)

Apple's iPhone has received considerable attention for security that defied FBI investigators, but Samsung's Knox, an enterprise security layer for Android devices, scores better in a security evaluation conducted by research firm Gartner.

In a report published earlier this month, Gartner research director Patrick Hevesi compared 12 mobile device platforms -- Android 4, 5, and 6; BlackBerry 10; BlackBerry Android; iOS 8 and 9; Samsung Knox; Windows Phone 8.1 and 10 (Lumia); and Windows 8.1 and 10 (Surface). He awarded Knox more "strong" ratings than any other system.

Of all the platforms evaluated, Knox was the only one with "strong" ratings for every control in the corporate managed security section. The runner-up in terms of corporate managed security was BlackBerry 10, which received ratings of "strong" in every category except Device Firewall Management, where it was rated "average."

Knox 2.6 is the latest version of Samsung's security platform. It's available on the Galaxy S7 and S7 edge devices and can coexist with Google's managed container technology, Android for Work. A Samsung paper describes how Knox differs from Android for Work.

In a statement, Injong Rhee, EVP and head of R&D for Samsung Electronics' software and services for mobile communications business group, expressed pride that Gartner had recognized Knox's advantages.

Gartner's report examined a variety of core OS functions like biometrics, kernel security, and OS updates, as well as functions relevant to IT administration, such as encryption management, workspace isolation, and jailbreak/root protection.

The report avoids recommending a specific brand of device. Rather, it presents strengths and weaknesses, which should be considered in conjunction with the way devices will be used and business requirements. Gartner does advise organizations to avoid older mobile devices known to be exploitable or found lacking in the security or management controls available in more recent hardware.

In a phone interview Hevesi stressed that every client has different needs and that businesses should identify the risks that are relevant to them before choosing a particular platform. "There are obviously drawbacks to everything," he said. "Knox has done some really good things, but not all organizations need Knox."

Hevesi cited the Knox Warranty Fuse, a one-time programmable fuse that gets triggered if a Knox device is ever booted into an unapproved state. Once the fuse has fired, the device can no longer run Knox, and there's no IT reset switch. The feature may be more trouble than it's worth for administrators.

Hevesi also praised the BlackBerry Android's out-of-the-box experience for guiding users toward secure settings. He also gave a thumbs up to Microsoft's enterprise data protection in Windows Phone 10.

One of the gaps in mobile operating systems, Hevesi said, is that the network stack does not force secure communication, meaning a line-of-business app might still send sensitive information without encryption.

"The developers writing these applications need to start think about encrypting everything and [about] how they store keys on these devices," said Hevesi, noting that encryption also has to be supported by default settings that promote security. For example, default data encryption isn't worth much if the device allows the user to choose a weak four-number PIN rather than strong passcode. 

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights