Why Samsung Knox has Flopped

In February of this year, Samsung Knox was one of the most hyped mobile device management solutions entering the market. It was a major focus at Mobile World Congress (MWC 2013) in Barcelona, Spain and it had its own ad campaign associated with the launch of the Galaxy S4. Some went so far as to name Knox as a game changer, providing Samsung with a competitive advantage against Apple by allowing people to quickly switch between corporate and personal data.

Yet, as we reach the last day of 2013, Samsung Knox has proven to be a complete flop that will most likely not be adopted by the majority of organizations using Android devices.  To add to these woes, I met with several leading defense contractors and government technology executives in Washington, D.C. in mid-December, who stated that they would not deploy Knox. Samsung has done so many things correctly, so how is it that they messed up Knox so badly?

First, Samsung made a cardinal mistake of software: releasing vaporware. When Samsung made their initial announcement in Barcelona, they positioned themselves as a direct competitor and alternative to Blackberry. Blackberry, for all of its faults, understands enterprise security policies and governmental concerns very well and both the Blackberry BES and Balance solutions are well understood by CIOs. By contrast, nobody was really sure what Knox could do other than provide containerization. In this, Knox seemed simply to match the functionality that Good Technology had provided for years, but sadly without Good’s Common Criteria Evaluation Assurance Level 4 security. EAL4 means that Good provides the “higher confidence that the system’s principal security features are reliably implemented, specifically the ‘Methodically Designed, Tested, and Reviewed’ parts of the Common Criteria.”

Second, Samsung Knox only worked on Samsung Galaxy devices. Although Samsung is the market leader in smartphones and tablets, it still lacks the clout that a Microsoft Windows had in the 1990s. In reality, mobile device and application management needs to be a cross-platform solution. Just as nobody wants to care about the compatibility of the landline phone or Windows PC he or she buys, nobody wants to care about what kind of smartphone or smart device they buy. For Knox to be viable, it needed to work on all Android devices at a bare minimum.

Third, Knox suffers from “Not Invented Here” (NIH) syndrome. The objection I heard repeatedly in Washington, D.C. was: “because it’s not made here in America!” For much of the past decade, Blackberry represented the best combination of mobile security, usability, and price. As a Canadian-owned company, Blackberry was trusted on a global basis as a safe harbor for corporate, government and private data. South Korea, although a trusted economic ally to many of the world’s leading economies, has not earned that same level of trust with other G20 governments that would seek an integrated and secure mobile solution.

Fourth, Samsung struggled to build support services around Knox for carriers and large enterprises. Although Samsung has done a great job in appropriating Apple’s technology and aesthetic, this skill set does not translate into the ability to fully integrate with the OSS/BSS technologies that carriers support.

OSS - BSS example

Example of OSS / BSS

Fifth, Samsung charged too much. The original price for Samsung KNOX was $3.60 per month per device. This price is not competitive with the current enterprise mobility management market. Many EMM players such as Good Technology have brought their MDM price down to $5.00 per month per device. This means Samsung Knox represents a premium simply to use Samsung devices in the enterprise. Samsung Galaxy devices are popular. However, their utility and popularity are not so great that companies should throw away their iPhones and iPads to pay more to secure their Samsung devices. Especially when other leading EMM players such as AirWatch and MobileIron have solutions today to compete with Knox for their enterprise customers.

Sixth, and perhaps worst of all, Samsung KNOX has been hackable. There is a possible flaw that allows black hat hackers to grab mobile messaging sent through Galaxy devices. In light of Blue Hill’s recent blog post on the increased desire for temporary and untraceable messaging tools such as Snapchat, the idea that a “secure” messaging solution could be intercepted is a big challenge. Samsung seeks to be acknowledged as a compliant solution, but it will need to do more to win hearts and minds.

If Samsung can botch its entry into the mobile device management game, anyone can. There are some lessons for the market to learn. First, mobile management is a multi-platform game. Handling only one platform well makes you a niche solution. Second, price your solution based on what the market is demanding and be mindful that it has to be part of an EMM ecosystem. When competitors are trying to drive the cost of management to $5-$7 per device per month, compared to $3.60 per month, your price is not competitive. Third, accept that FUD is an important part of selling security. If your solution actually adds Fear, Uncertainty, and Doubt to your buyers because they want a solution that meets in-country storage and development standards, provide your buyers with that extra level of assurance.

It’s still not too late for Samsung to get into the mobile management game in earnest, if it chooses to do so. However, Samsung need to either get serious and go multi-platform or gently slide away from this business and leave it to EMM companies such as AirWatch, MobileIron, and Good Technology. Each has proven their mobile security chops with real solutions that can enable multiple, layered controls across a device security ecosystem.  These vendors allow the ability to distribute, containerize, and tunnel enterprise data safely and securely well into 2014 and beyond.

 


About Ralph Rodriguez

Ralph Rodriguez is the CEO and Chief Research Officer of Blue Hill Research and an industry expert across cloud, mobile and security technologies. Ralph brings over 25 years of experience spanning IT management, research and entrepreneurship in a variety of executive CxO roles. Previously Rodriguez served as COO of Nucleus Research, Inc., SVP and Research Director at Aberdeen Group (NYSE:HHS), CTO of Brooks Automation (NASDAQ:BRKS), EVP-CIO of Excelon Corporation (NASDAQ:EXLN) and EVP-CIO of C-bridge Internet Solutions (NASDAQ:CBIS). Rodriguez is currently a Fellow at Massachusetts Institute of Technology (MIT) and holds a Sc.D. in information systems and a graduate of the management program GPMD-MBA at IESE Business School, Barcelona Spain. Rodriguez is a veteran of the Persian Gulf War.
Posted on by Ralph Rodriguez

4 Responses to Why Samsung Knox has Flopped

  1. Ralph A. Rodriguez says:

    Hi Fred, appreciate the comment. I would agree that most MDMs have this issue. As you say Knox “could be secure” but perhaps the kernel self-protection is beyond their ability, knowledge/experience or control? Like you, I would like to see them apply some classic PC type kernel protection. For example, Blackberry 10 focused theirs on the QNX Neutrino OS Micro Kernel architecture with protected virtual memory. I’ve read that the core kernel of QNX is ~100,000 lines of code, which from my experience means that you can really focus on making those lines perfect, efficient, stable, and most importantly optimized to run stuff. The Samsung team should focus on it with their hardware chip and CPU guys, aka Qualcomm. Qualcomm is the maker of the Snapdragon 801chip, which powers their new S5. This is a widely known problem in the PC world (illuminated here: http://stackoverflow.com). Mobile is the new PC …

  2.  avatar Fred Schlip says:

    You can’t be serious about the app-wrapping solutions from MDM vendors. All of them can be easily injected in to from user-space.

    KNOX could be secure if they put typical kernel self-protection into the solution.

  3.  avatar Ralph A. Rodriguez says:

    Hi Michel, thanks for bringing this up. However, I believe the point of confusion arises because Knox is actually not an MDM solution. Knox is a security solution that would be a part of an overall MDM suite. Samsung Knox was created to provide security features that enable business and personal content to coexist on the same handset. See: http://en.wikipedia.org/wiki/Samsung_Knox

    The fifth point is meant to highlight the fact that Samsung is charging $3.60 per month per device for only the security portion of MDM. Competitors such as Good Technology charge $5.00 per month per device for the entire suite of services (including security other than Knox). The premium that Knox demands for an organization to use Samsung’s security is too high to be competitive.

  4.  avatar Michel Ehlert [MSFT] says:

    The fifth point states that Samsung Knox is more expensive, right? Is there maybe a typo in the following line: “The original price for Samsung KNOX was $3.60 per month per device. This price is not competitive with the current enterprise mobility management market. Many EMM players such as Good Technology have brought their MDM price down to $5.00 per month per device.”

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>