Communications and Electronics Security Group (CESG), the information security arm of GCHQ, issues security guidance for various end-user communication devices, and has just certified the Samsung Galaxy S6 and S6 edge encryption under its Commercial Product Assurance (CPA) programme for data-at-rest. Samsung Electronics says it is the first mobile handset vendor to receive a certification of this type in UK.
This guidance applies to Samsung devices with KNOX running Android 4.3 with guidance developed following testing performed on a Samsung Galaxy S4 device running Android 4.3 and KNOX version 1.0. These devices are therefore approved for use by government and public sector organisations, including government departments, the police, local councils and hospitals.
The Galaxy S6 and S6 edge both come with KNOX 2.4 built-in, allowing secure connection to work files and email with a few taps.
Graham Long, vice president enterprise business team, Samsung UK & Ireland, said: “CESG's acknowledgment of Samsung KNOX is testament to the high standard of security offered by the Samsung Android platform and once again reinforces our leading position in area, helping to provide secure mobile technology to government organisations and businesses throughout the UK.”
Dr Injong Rhee, executive vice president of Knox business, IT & mobile communications division at Samsung Electronics, said: “Samsung KNOX devices are trusted and used around the globe by organisations in the public and private sector alike. CESG's certification of the Galaxy S6 and S6 edge will help us to go one step further in expanding our relationships with government organisations and large corporate enterprises worldwide, setting a new standard in mobile security.”
Samsung devices with KNOX can be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as accessing OFFICIAL email; reviewing and commenting on OFFICIAL documents, and accessing the internet and other web-resources. Users can store all or some of their enterprise data in the KNOX container, providing enhanced protection.
· For users working primarily with sensitive data, the majority of their work should be within the KNOX container. The Android platform outside the container is used for non-sensitive work.
· Users who require only periodic access to sensitive data should use the Android platform outside the container for the majority of their work, and open the KNOX container when they are required to use sensitive data.
· All data-in-transit to and from the device should be routed over a secure enterprise VPN to ensure the confidentiality and integrity of the traffic, and to allow the devices and data on them to be protected by enterprise protective monitoring solutions.
· Arbitrary third-party application installation by users is not permitted on the device. An enterprise application catalogue should be used to whitelist and distribute approved applications to devices.
· Enterprise applications and data should be kept within the KNOX container where possible. Unnecessary applications outside the container should be removed or managed using an appropriate whitelist.