KODO for Samsung Knox Enterprise Data Protection & Secure Collaboration Platform

Similar documents
Evolved Backup and Recovery for the Enterprise

Storware vprotect: How to backup Red Hat Virtualization to EMC Data Domain Boost File System plug-in. by Marcin Kubacki & Łukasz Błocki, Storware

Mobile Security using IBM Endpoint Manager Mobile Device Management

Augmenting security and management of. Office 365 with Citrix XenMobile

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

XenApp, XenDesktop and XenMobile Integration

Comprehensive Agentless Cloud Backup and Recovery for the Enterprise

Balancing BYOD and Security. A Guide for Secure Mobility in Today s Digital Era

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

Google Identity Services for work

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Datasheet. Only Workspaces delivers the features users want and the control that IT needs.

Secure Container DME. SecureContainer - DME is available for ios and Android.

RHM Presentation. Maas 360 Mobile device management

Thomas Lippert Principal Product Manager. Sophos Mobile. Spring 2017

CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

905M 67% of the people who use a smartphone for work and 70% of people who use a tablet for work are choosing the devices themselves

Centrify for Dropbox Deployment Guide

Collaboration & Enterprise Protection. KODO Server Manual. Version 3.4

The Device Has Left the Building

Enhancing and Extending Microsoft SharePoint 2013 for Secure Mobile Access and Management

Security context. Technology. Solution highlights

Securing Today s Mobile Workforce

Virtual Machine Encryption Security & Compliance in the Cloud

BYOD: BRING YOUR OWN DEVICE.

Symantec Endpoint Protection Family Feature Comparison

Deploying Lookout with IBM MaaS360

Microsoft IT deploys Work Folders as an enterprise client data management solution

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

Webinar: Mitigating the risks of uncontrolled content access from mobile devices. Presented By: Brian Ulmer, Product Management Director

Druva insync vs. Altiris/ Symantec/Veritas Desktop and Laptop Option (DLO)

Design and deliver cloud-based apps and data for flexible, on-demand IT

MANAGING ANDROID DEVICES: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

ENTERPRISE MOBILITY MANAGEMENT & REMOTE ACCESS SOLUTIONS

Archiving. Services. Optimize the management of information by defining a lifecycle strategy for data. Archiving. ediscovery. Data Loss Prevention

Top. Reasons Legal Teams Select kiteworks by Accellion

device management solution

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Citrix XenMobile and Windows 10

UNCLASSIFIED. Mimecast UK Archiving Service Description

VMware Horizon Workspace Security Features WHITE PAPER

DreamFactory Security Guide

#1 Enterprise File Share, Sync, Backup and Mobile Access for Business

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

Providing an Enterprise File Share and Sync Solution for

WebSphere Puts Business In Motion. Put People In Motion With Mobile Apps

Managing Devices and Corporate Data on ios

Microsoft 365 Business FAQs

Five Tips to Mastering Enterprise Mobility

McAfee Security Management Center

INTEGRATING WITH DELL CLIENT COMMAND SUITE: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

USING PRODUCT PROVISIONING TO DELIVER FILES TO WINDOWS 10: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Lookout Mobile Endpoint Security. AirWatch Connector Guide

Maximize your move to Microsoft in the cloud

BlackBerry UEM + Samsung Knox

Mozy. Administrator Guide

Storage Made Easy. Providing an Enterprise File Fabric for INVESTOR NEWSLETTER ISSUE N 3

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

BOMGAR.COM BOMGAR VS. WEBEX UPDATED: 2/28/2017

Maximize your investment in Microsoft Office 365 with Citrix Workspace

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

This Message Will Self-Destruct The Power of Collaboration with an Expiration Date

Enterprise file sync and share using Citrix ShareFile and IBM Storwize V7000 Unified system

Acronis Hybrid Cloud Architecture Unified Centralized Data Protection Web-based User Interface Deployed On-premises or in the Cloud.

Application management in Nokia: Getting the most from Company Apps

#1 Enterprise File Share, Sync, Backup and Mobile Access for Business

Code42 Security. Tech Specs Data Protection & Recovery

Sophos Mobile Control Administrator guide. Product version: 5.1

Mobilize with Enterprise Security and a Productive User Experience

SECURE, CENTRALIZED, SIMPLE

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

The Future of Mobile Device Management

Sophos Mobile. startup guide. Product Version: 8.5

Enterprise Product Guide

Phil Schwan Technical

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

Secure & Unified Identity

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS

McAfee MVISION Mobile AirWatch Integration Guide

Sophos Mobile Control SaaS startup guide. Product version: 7

Sophos Mobile. administrator help. product version: 9

Transforming Security Part 2: From the Device to the Data Center

OpenScape Web Collaboration

Cisco Spark from Telstra. Empower teamwork

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Unified Endpoint Management: Security and productivity for the digital workspace

Developing Microsoft Azure Solutions (70-532) Syllabus

Mobilize your corporate content and apps

Quick Heal Mobile Device Management. Available on

Security Guide Zoom Video Communications Inc.

Installation Guide. Qlik Sense Copyright QlikTech International AB. All rights reserved.

Make security part of your client systems refresh

Go mobile. Stay in control.

What Dropbox Can t Do For Your Business

Dell Management Portal. Apple Device Enrollment Program

PLATFORM CONVERGENCE JOURNEY

Code42 Defines its Critical Capabilities Methodology

Transcription:

& Secure Collaboration Platform by Paweł Mączka, Storware CTO

Table of Contents OVERVIEW 3 WHAT IS KODO? 4 HOW IT WORKS? 5 BACKUP & RESTORE 6 TABLE OF FEATURES 8 END-TO-END ENCRYPTION FOR ANDROID DEVICES 10 ENTERPRISE FILE SYNC & SHARING (EFS&S) 11 MIGRATION 12 KNOX AWARENESS 13 SUMMARY 15 ABOUT THE AUTHOR 15 ABOUT THE COMPANY 15 2 P a g e

Overview In this white paper, we present Storware KODO for Knox, the platform which enriches existing Knox offering with new layer of features. KODO aims Knox - the most comprehensively secure and manageable mobile device solution for any size of enterprises. Based on IBM Spectrum Protect Engine, Storware KODO is designed around the philosophy of data protection and secure data collaboration. KODO builds a trusted environment for a sensitive and enterprise-critical data, by setting up the rhythm of organization s data flow. With a Knox Workspace, KODO beautifully protect data by giving the 3 new major features such as: Backup & Restore, Sync & Sharing, Migration. 3 P a g e

What is KODO? Storware KODO is an enterprise platform that provides the collaboration & protection for mobile devices such as laptops, tablets and smartphones. It ensures not only continued protection of key corporate data, but also compression, deduplication and file versioning. KODO delivers security to Android. The safety and secure access for a corporate data are priorities for KODO. This enterprise-ready solution provides easy and intuitive web-based management. KODO works on both, application and Knox Workspace Container layer. Building a trusted zone on Knox Workspace, KODO can easily transfer mission-critical data between the authorised users and devices. 4 P a g e

How it works? KODO can work in 2 models - On-premise and Cloud. On-premise installation provides a private cloud approach. In on premise model KODO Server can be installed as a VM machine or physical server. It needs just a public IP (gateway) for connectivity to a mobile device. KODO client can be downloaded and installed from MDM or GooglePlay. It is important to mark, that KODO client is fully separated from private and Knox Workspace (due to data security aspects). Once the client is installed and configured to KODO Server (users authentication can be integrated with Active Directory), the administrator can use a webbased management which allows IT departments to fully control mobile devices and their data. 5 P a g e

Backup & Restore Whereas organizations are aware of protecting servers and data centres, they still seem to ignore the importance of endpoint environment protection. Endpoints are able to carry lots of key corporate data, such as contacts, confidential documents, e-mails and more. Therefore, the mobile users require special attention in data security area as the unsecured mobile devices may be the weakest point of the system. KODO automates backup & restore for Android devices, providing advanced policy rules, managing and controlling as a single pane of glass. 6 P a g e

On Android OS, the KODO data workflow is as follows: 1. KODO client compares data that is stored on the server with the current state of the data on the device 2. If application detects changes, it uploads files / contacts / calendar object to the server over HTTPS using REST API (TLS 1.2) 3. REST API accepts also object s metadata during the backup process 4. Server pushes data to the KODO Gateway/Server and sends confirmation to the KODO client if the data has successfully been stored. 7 P a g e

Table of features Deduplication methodology Global, client-side, block level deduplication Deduplication of email and attachments PSTs are evaluated as a single file Global Data Deduplication Global, deduplication across all desktop, laptop devices Dedupe Granularity block level WAN Optimization Client Deduplication and compression Deployment, configuration, and management Centralized KODO portal, magic link deployment IT-blessed File-sharing Deployment Options On-premise & cloud Licensing structure per device, per user Security and Data Privacy Encryption in-transit TLS 1.2 Encryption at-rest 256-bit AES Remote Wipe Capability Integrated File Sync & Share File sharing with IT visibility Data Capture Frequency CDP (seconds) Administrator Experience Central Management Console Mass Deployment via Active Directory Device/OS Diversity Supported PC/Laptop Platforms Windows/Mac Smartphone/Tablet Backup ios, Android, Windows Phone Mobile Access ios, Android, Windows Phone Content Variety Files/Folders Email Archives Visibility and Control Over End-User Data Data Loss Prevention Backup Integrated File Sharing with IT Visibility mykodo containers Mobility and BYOD Support Mobile apps Smartphones and tablets Device/OS heterogeneity Windows, Mac, ios, Android, Windows Phone Self-deploy and self-restore Data backup for smartphones and tablets Remote laptop backup and restore without VPN Ability to disable backups over 3G/4G Data backup for smartphones and tablets Policies for BYOD enablement 8 P a g e

System and application settings backup Integrated file sharing Remote wipe & geo location Mobile container for selective wipe Mobile security policies to control access to corporate data by other apps Global Mass Deployment Silent deployment No custom scripting required Deployment options Centralized administration Installation and Management Installation time 1-click configuration Centralized administration End-user Experience WAN optimization End-user experience Data Protection Manual and automatic backups Continuous data protection Integrated enterprise file sync and share Data Governance Reporting and alerts KODO for Knox On premise, cloud Minutes Non-intrusive Seconds 9 P a g e

End-to-End Encryption for Android Devices Before leaving a Knox Container data is encrypted by AES 256-bit key to enhance integrity of protected data. Automatically generated key is managed by KODO server or user by providing a password key. If the password is lost, the business user will not have access to protected data. User Key based encryption strategy ensures that all user s data is secured on the device with AES-256 encryption algorithm and transmitted over TLS secured connection. New encryption key is randomly generated for each backup session and persisted after securing it with AES-256, using user s password based PBKDF2 (16.000 iterations) derived key in order to strengthen the security and prevent situations where encryption key leaks and causes decryption of all user s data. Notice User provided encryption password is securely stored on the device (protected using platform specific security algorithms device s internal memory) for user convenience so it can be reused for all backup sessions, and user will not have provide it over and over again. 10 P a g e

Enterprise file sync & sharing (EFS&S) Applications and data inside Knox Workspace are isolated from applications outside the Workspace. This means, the applications outside the Workspace cannot use Android interprocess communication or data-sharing methods with applications inside the Workspace. To provide secure collaboration between Knox users, we need to implement a trusted zone, where users can exchange corporate data without risk of data leakage. KODO with secure sync & data sharing feature allows enterprises which use Knox Workspace to: increase the productivity by providing self-service sharing capabilities of files and folders with colleagues, partners and customers secure, password protected file share via internal URL enable the internal exchange data to authorized users, based on enterprise security policy For more information about Knox protection go to: https://kp-cdn.samsungknox.com/cac39a4cdc16170950852eec88ca60cf.pdf Section: Solution: Protect enterprise apps and data in a secure Workspace Page 19 11 P a g e

Migration Migration is an important part of mobile fleet management process. It allows IT department to unify the migration between Samsung devices based on Knox Workspace. In addition KODO can be fully user-centered. Employees can implement migration by themselves with minor involvement of company s IT helpdesk. Migration procedure 1. Go to Knox and open KODO application 2. Login to KODO with your username and password 3. KODO will detect that you are logged in with a new device and will ask if you want to migrate your data 4. Select and choose device which data from you want to migrate 5. Migration process will start and you will be notified when it s over 12 P a g e

Both, IT staff and users will especially appreciate the migration feature in the following easy-to-imagine life situations: device has been stolen device has been lost device has been destroyed device is in maintenance mode user has acquired a new phone when company changes standard of a mobile fleet Knox Awareness The Knox Workspace container is designed to separate, isolate, encrypt, and protect work data from attackers. This enterprise-ready solution provides management tools and utilities to meet security needs of enterprises large and small. It s natural for KODO to be aware of Knox and recognize which files origin from the Container. For more information about Knox go to: https://kp-cdn.samsungknox.com/6ee7dbf222f5eabeafea9d15e3986f09.pdf Section: Samsung Knox overview Page 11 System runs, even if Google Services are disabled. KODO can be customized by applying the policies that automate protection and lifecycle of the data. It can be also set up quickly by using defaults to the most common settings. 13 P a g e

KODO in Knox container is identified as separate device, without any ability to see it from the outside. Container vs Private 14 P a g e

Summary Storware KODO enhances Knox by delivering safe folders and files backup. Data and transfer encryption allows you to backup and also share your data among co-workers in a very safe way. KODO is a powerful tool for Samsung products that allows to restore important data if device is broken or stolen. With full understanding of public, military, government and commercial sectors organization, KODO completes the Samsung Knox solution enabling access to copy of data in case the user demand. About the Author Paweł Mączka, a visionary and a geek, but first of all he is a founder and Chief Technology Officer of Storware. His work background origins from IBM where he started the career as Technical Sales Engineer in data protection area based on IBM Tivoli Storage systems. Addicted to Storage and Data Protection Solutions serve in every combination cloud, hybrid, on premise. Mobility evangelist, concentrated on security aspects, MDM, backup, secure sync & sharing features. About the Company Storware is a company building the simplified data protection products for businesses. We help to reduce the risks of data loss and its related costs. Wherever you keep your data, in the cloud, on servers or endpoints - we continuously care and bring additional value to them. Storware successfully offers products through the worldwide distribution and partner channel. 15 P a g e

Storware Sp.z o.o. Sp.K., ul.leszno 8/44, 01-192 Warsaw, National Court Register No. 000551481, VAT 5213656342 Copyright 2017 Storware Sp. z o.o. Sp.K. All rights reserved. This product is protected by international copyright and intellectual property laws. Storware logo is registered and protected by EUiPO. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: STO-WP-KD/SG-1 16 P a g e

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback