KODO for Samsung Knox Enterprise Data Protection ... - Storware

KODO for Samsung Knox Enterprise Data Protection & Secure Collaboration Platform

by Paweł Mączka, Storware CTO

WHITE PAPER

Table of Contents

OVERVIEW
WHAT IS KODO?
HOW IT WORKS?
BACKUP & RESTORE
TABLE OF FEATURES
END-TO-END ENCRYPTION FOR ANDROID DEVICES
ENTERPRISE FILE SYNC & SHARING (EFS&S)
MIGRATION
KNOX AWARENESS
SUMMARY
ABOUT THE AUTHOR
ABOUT THE COMPANY

Overview

In this white paper, we present Storware KODO for Knox, a platform that enriches the existing Knox offering with a new layer of features. KODO targets Knox, the most comprehensively secure and manageable mobile device solution for enterprises of any size. Based on the IBM Spectrum Protect engine, Storware KODO is designed around the philosophy of data protection and secure data collaboration. KODO builds a trusted environment for sensitive and enterprise-critical data by setting the rhythm of the organization's data flow. With a Knox Workspace, KODO protects data by adding three major new features: Backup & Restore, Sync & Sharing, and Migration.


What is KODO?

Storware KODO is an enterprise platform that provides collaboration and protection for mobile devices such as laptops, tablets and smartphones. It ensures not only continued protection of key corporate data, but also compression, deduplication and file versioning. KODO delivers security to Android.

Safety of and secure access to corporate data are priorities for KODO. This enterprise-ready solution provides easy and intuitive web-based management. KODO works on both the application layer and the Knox Workspace container layer. By building a trusted zone on Knox Workspace, KODO can easily transfer mission-critical data between authorised users and devices.


How it works?

KODO can work in two models: on-premise and cloud. An on-premise installation provides a private cloud approach. In the on-premise model, KODO Server can be installed as a virtual machine or on a physical server. It needs only a public IP (gateway) for connectivity to a mobile device. The KODO client can be downloaded and installed from an MDM or Google Play. It is important to note that the KODO client is fully separated from both the private space and the Knox Workspace (for data security reasons). Once the client is installed and configured to connect to KODO Server (user authentication can be integrated with Active Directory), the administrator can use web-based management, which allows IT departments to fully control mobile devices and their data.


Backup & Restore

While organizations are aware of the need to protect servers and data centres, they still seem to ignore the importance of protecting the endpoint environment. Endpoints can carry a lot of key corporate data, such as contacts, confidential documents, e-mails and more. Mobile users therefore require special attention in the area of data security, as unsecured mobile devices may be the weakest point of the system. KODO automates backup and restore for Android devices, providing advanced policy rules and management and control through a single pane of glass.


On Android OS, the KODO data workflow is as follows:

1. The KODO client compares the data stored on the server with the current state of the data on the device.
2. If the application detects changes, it uploads files, contacts and calendar objects to the server over HTTPS using a REST API (TLS 1.2).
3. The REST API also accepts the object's metadata during the backup process.
4. The server pushes data to the KODO Gateway/Server and sends a confirmation to the KODO client if the data has been stored successfully.


Table of features

Deduplication methodology: Global, client-side, block level deduplication
Deduplication of email and attachments: PSTs are evaluated as a single file
Global Data Deduplication: Global, deduplication across all desktop, laptop devices
Dedupe Granularity: block level
WAN Optimization: Client Deduplication and compression
Deployment, configuration, and management: Centralized KODO portal, magic link deployment
IT-blessed File-sharing: Yes
Deployment Options: On-premise & cloud
Licensing structure: per device, per user

Security and Data Privacy
Encryption in-transit: TLS 1.2
Encryption at-rest: 256-bit AES
Remote Wipe Capability: Yes

Integrated File Sync & Share
File sharing with IT visibility: Yes
Data Capture Frequency: CDP (seconds)

Administrator Experience
Central Management Console: Yes
Mass Deployment: via Active Directory

Device/OS Diversity
Supported PC/Laptop Platforms: Windows/Mac
Smartphone/Tablet Backup: iOS, Android, Windows Phone
Mobile Access: iOS, Android, Windows Phone

Content Variety
Files/Folders: Yes
Email Archives: Yes

Visibility and Control Over End-User Data
Data Loss Prevention: Backup
Integrated File Sharing with IT Visibility: myKODO containers

Mobility and BYOD Support
Mobile apps: Smartphones and tablets
Device/OS heterogeneity: Windows, Mac, iOS, Android, Windows Phone
Self-deploy and self-restore: Yes
Data backup for smartphones and tablets: Yes
Remote laptop backup and restore without VPN: Yes
Ability to disable backups over 3G/4G: Yes
Policies for BYOD enablement: Yes
System and application settings backup: Yes
Integrated file sharing: Yes
Remote wipe & geo location: Yes
Mobile container for selective wipe: Yes
Mobile security policies to control access to corporate data by other apps: KODO for Knox

Global Mass Deployment
Silent deployment: Yes
No custom scripting required: Yes
Deployment options: On premise, cloud
Centralized administration: Yes

Installation and Management
Installation time: Minutes
1-click configuration: Yes
Centralized administration: Yes

End-user Experience
WAN optimization: Yes
End-user experience: Non-intrusive

Data Protection
Manual and automatic backups: Yes
Continuous data protection: Seconds
Integrated enterprise file sync and share: Yes

Data Governance
Reporting and alerts: Yes


End-to-End Encryption for Android Devices

Before leaving a Knox Container, data is encrypted with a 256-bit AES key to enhance the integrity of the protected data. The automatically generated key is managed by the KODO server, or by the user by providing a password key. If the password is lost, the business user will not have access to the protected data.

The user-key-based encryption strategy ensures that all of a user's data is secured on the device with the AES-256 encryption algorithm and transmitted over a TLS-secured connection. A new encryption key is randomly generated for each backup session and persisted after being secured with AES-256, using a key derived from the user's password with PBKDF2 (16,000 iterations). This strengthens security and prevents situations where a leaked encryption key would allow decryption of all of the user's data.

Notice: The user-provided encryption password is securely stored on the device (protected using platform-specific security algorithms, in the device's internal memory) for user convenience, so it can be reused for all backup sessions and the user does not have to provide it over and over again.
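The key handling described above, as an added example that is not Storware's code: a fresh random session key encrypts each backup, and only a copy wrapped under a PBKDF2-derived key is persisted. The cipher mode (AES-256-GCM), PBKDF2 hash (HMAC-SHA256), salt and IV sizes, and all names are assumptions; the white paper states only AES-256 and PBKDF2 with 16,000 iterations.

```javascript
// Added example, not Storware code. Assumed: AES-256-GCM, PBKDF2-HMAC-SHA256,
// 16-byte salt, 12-byte IVs, and all function and field names.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 16000; // iteration count stated in the white paper

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unseal(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the record was modified
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

function deriveWrappingKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// One backup session: a fresh random session key encrypts the data, and the
// session key itself is stored only in wrapped (encrypted) form.
function backupSession(password, data) {
  const sessionKey = crypto.randomBytes(32);
  const salt = crypto.randomBytes(16);
  const record = {
    salt,
    wrappedKey: seal(deriveWrappingKey(password, salt), sessionKey),
    payload: seal(sessionKey, data),
  };
  sessionKey.fill(0); // drop the plaintext session key once it is wrapped
  return record;
}

function restoreSession(password, record) {
  const sessionKey = unseal(deriveWrappingKey(password, record.salt), record.wrappedKey);
  return unseal(sessionKey, record.payload);
}

// Constructed sample data: two sessions over the same bytes and password.
const first = backupSession('correct horse', Buffer.from('contacts.vcf bytes'));
const second = backupSession('correct horse', Buffer.from('contacts.vcf bytes'));
console.log(restoreSession('correct horse', first).toString());
console.log('same ciphertext:', first.payload.ct.equals(second.payload.ct));
try { restoreSession('wrong password', first); } catch (e) { console.log('unwrap failed'); }
```

The iteration count is the white paper's figure; current OWASP guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.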


Enterprise file sync & sharing (EFS&S)

Applications and data inside Knox Workspace are isolated from applications outside the Workspace. This means that applications outside the Workspace cannot use Android inter-process communication or data-sharing methods with applications inside the Workspace. To provide secure collaboration between Knox users, we need to implement a trusted zone where users can exchange corporate data without risk of data leakage. KODO's secure sync and data sharing feature allows enterprises that use Knox Workspace to:

- increase productivity by providing self-service sharing of files and folders with colleagues, partners and customers
- share files securely, with password protection, via an internal URL
- enable internal data exchange among authorized users, based on enterprise security policy

For more information about Knox protection go to: https://kp-cdn.samsungknox.com/cac39a4cdc16170950852eec88ca60cf.pdf Section: Solution: Protect enterprise apps and data in a secure Workspace Page 19


Migration

Migration is an important part of the mobile fleet management process. It allows the IT department to unify migration between Samsung devices based on Knox Workspace. In addition, KODO can be fully user-centered: employees can carry out the migration themselves with minor involvement of the company's IT helpdesk.

Migration procedure

1. Go to Knox and open the KODO application.
2. Log in to KODO with your username and password.
3. KODO will detect that you are logged in with a new device and will ask if you want to migrate your data.
4. Select “Yes” and choose the device whose data you want to migrate.
5. The migration process will start and you will be notified when it is over.


Both IT staff and users will especially appreciate the migration feature in the following easy-to-imagine situations:

- the device has been stolen
- the device has been lost
- the device has been destroyed
- the device is in maintenance mode
- the user has acquired a new phone
- the company changes the standard of its mobile fleet

Knox Awareness

The Knox Workspace container is designed to separate, isolate, encrypt, and protect work data from attackers. This enterprise-ready solution provides management tools and utilities to meet the security needs of enterprises large and small. It is natural for KODO to be aware of Knox and to recognize which files originate from the Container.

For more information about Knox go to: https://kp-cdn.samsungknox.com/6ee7dbf222f5eabeafea9d15e3986f09.pdf Section: Samsung Knox overview Page 11

The system runs even if Google Services are disabled. KODO can be customized by applying policies that automate the protection and lifecycle of the data. It can also be set up quickly by using defaults for the most common settings.


Inside the Knox container, KODO is identified as a separate device, without any ability to see it from the outside.

[Figure: Container vs Private]

Summary

Storware KODO enhances Knox by delivering safe backup of folders and files. Encryption of data and of transfers allows you to back up and share your data among co-workers in a very safe way. KODO is a powerful tool for Samsung products that makes it possible to restore important data if a device is broken or stolen. With a full understanding of organizations in the public, military, government and commercial sectors, KODO completes the Samsung Knox solution by enabling access to a copy of the data when the user demands it.

About the Author

Paweł Mączka is a visionary and a geek, but first of all he is the founder and Chief Technology Officer of Storware. His professional background originates from IBM, where he started his career as a Technical Sales Engineer in the data protection area, based on IBM Tivoli Storage systems. He is addicted to storage and data protection solutions served in every combination: cloud, hybrid, on-premise. A mobility evangelist, he concentrates on security aspects, MDM, backup, and secure sync & sharing features.

About the Company

Storware is a company building simplified data protection products for businesses. We help to reduce the risk of data loss and its related costs. Wherever you keep your data, in the cloud, on servers or on endpoints, we continuously care for it and bring additional value to it. Storware successfully offers its products through a worldwide distribution and partner channel.


Storware Sp.z o.o. Sp.K., ul.Leszno 8/44, 01-192 Warsaw , National Court Register No. 000551481, VAT 5213656342 Copyright © 2017 Storware Sp. z o.o. Sp.K. All rights reserved. This product is protected by international copyright and intellectual property laws. Storware logo is registered and protected by EUiPO. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: STO-WP-KD/SG-1
