Now that the Samsung Galaxy S III has arrived, I though it would be interesting to take a look at what makes it a SAFE™ (Samsung Approved For Enterprise) phone.
One of the latest trends in the mobility space is BYOD (that’s short for bring your own device – not drink!). Mobile devices have become so much a part of our lives that we really do not want to comply with some corporate policy and turn personal phones off whilst we are at work, and then switch them on for the homeward commute. For a growing number of users, the “always connected” syndrome is a reality. Turn off their email, facebook, and various drawing and messaging apps, then stand back. The fear of missing out on the latest pic or comment would, in my opinion, make a great episode of The Twilight Zone.
In the name of progress, we would (sadly) leave our pet dog or cat at home for extended periods of time, but would not dream of leaving our personal mobile phones or tablets at home. Ever.
So the challenge facing IT departments today is how to deal with the growing number of requests for employees wanting to use their own devices as their tools of trade. Given the cost of smartphones today – on face value it could be seen as great way to save money. In reality there are a lot of things to be considered –especially around the security of corporate data.
Android in Enterprise
Although Android has made great inroads into the Consumer market, the Enterprise market has been harder to crack. The main reason given is a lack of enterprise-class security and application compatibility attributes. When Android was released, Google included 35 Enterprise Policies and 33 APIs (Application Programming Interface). In 2011, Samsung Android devices had 259 Enterprise Policies and 576 APIs. Today the Samsung Android devices, including the Galaxy S3 has 338 Enterprise Policies and 725 APIs.
Samsung have gone a long way to address these and other issues with the SAFE programme. According to Samsung, “SAFE-certified devices meet rigorous security criteria and are configured specifically with enterprise use in mind. The deployment of SAFE smartphones…helps ensure that your organisation’s mobile workplace is protected to the greatest possible degree through on-Device Encryption and Mobile Device Management.
Let’s examine the major areas of interest for Enterprise, and how Samsung has addressed them in the Galaxy S III:
Virtual Private Network (VPN): Before the introduction of VPNs, accessing a corporate network from an unsecured environment was almost impossible. VPNs employ a technique of scrambling your data whilst it is in transit, reassembling it into something meaningful at the other end. Samsung was the first Android platform to support Secure Sockets Layer (SSL) and Transport Layer Security (TLS) VPNs through their association with Cisco, F5 and Juniper Networks. Customers benefit from choice, and the Galaxy S III covers all levels of VPN security, including SSL and IPsec; Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) VPNs.
Mobile Device Management (MDM): MDM is the hot topic around Enterprise today, and probably doesn’t mean exactly the same thing to two people. In essence, it gives your IT department the ability to manage all aspects of mobile device usage centrally. Utilising the 338 IT policies through 725 APIs (see above), Samsung provides broad compatibility with prominent MDM partner solutions. The features include:
- Application Management
- Remote Configuration
- Inventory Management
- Help Desk
- Location-based service
- Kiosk Mode
- Security Management
- Expense Management
- Hardware and Software Management
On-Device Encryption (ODE): If you’ve ever left your phone or tablet behind in a cab, or restaurant (or thought you had), you know that sick feeling that hits the pit of your stomach as you worry about the security of your stored data. On-Device Encryption (ODE) protects the data stored on your device’s internal memory – even down to the SD card level, making it unreadable to unauthorised people. Android’s native OS supports 128-bit Advanced Encryption Standard (AES) encryption for internal memory on Android devices. As part of their SAFE series, Samsung has employed the more secure AES 256-bit data encryption algorithm – taking it even further to include external SD cards for higher security.
Samsung use FIPS-140-2 certified encryption to protect data stored on their devices from unauthorised access. FIPS enables Android to be used in government agencies to access unclassified information.
Exchange ActiveSync (EAS) Enhancements: The standard Android device support for the Microsoft Exchange ActiveSync protocol include:
- Direct Push
- Email/Calendar/Contact Sync
- Remote Wipe
- Sync Multiple Folders
- GAL Lookup
- HTML Email View
- Auto Discover
- Meeting Request – Accept / Reject
Samsung have added the following features to make their EAS implementation the most comprehensive in the market today:
- Server Search
- Out of Office
- Follow-up Flags
- Set High Importance Status
- Partial Download
- Re-Sync All Data from Server to Phone
- Conversation View
- OCS/Lync/Voicemails In Box
- Free/Busy Lookup
- Reply/ Forward Status
Samsung were the first to implement S/MME encrypted messages in EAS. The platform also supports Lightweight Directory Access Protocol (LDAP) – enabling users to sync with the corporate address book and access their corporate email system through existing access policies wherever the user is.
In conclusion, with Android now sitting at just below 60% of the global mobile OS market (IDC Worldwide Mobile Phone Tracker, May 2012), it is encouraging to see Samsung supporting this platform through SAFE. Enhanced IT Policies and Applications, partnerships with leading VPN and MDM vendors and enhancing Microsoft EAS ensures the Galaxy S III can find a place in the security conscious Enterprise environment.