Samsung fortifies enterprise security on its Android phones

Maker of popular Galaxy smartphones teams up with Lookout Mobile Security to bolster its own Knox technology

Because of Android's bad-boy reputation in security circles, phones using the mobile operating system haven't been welcomed into enterprises with open arms. Samsung's trying to change that.

It announced Wednesday that it's teaming up with Lookout Mobile Security to add more protection for users of its Android mobile phones that support its Knox security technology.

Knox provides security from the hardware through the application layer, while retaining compatibility with Android. Lookout for Knox will include real-time, cloud-based scanning to protect against mobile threats from email attachments, Web browsing, and any type of file-sharing service.

When introduced in March alongside Samsung's new flagship handset, the Galaxy S4, Knox was seen as a play to make Android a more palatable mobile platform for the enterprise, where the operating system's reputation as the mobile world's equivalent of Windows for hackers was hurting its acceptance.

That strategy gained credibility in June when the Pentagon approved Android devices for government and military use.

With the addition of Lookout's software, Knox will give system administrators more flexibility when dealing with employees who want to use their personal mobile devices at work.

"People want to engage in some personal activity on their phone," Lookout CTO Kevin Mahaffey told CSOonline in an interview. "That comes at odds with the traditional way of securing devices connecting to the enterprise."

"Policy and control are giving way to more flexible forms of security on mobile devices," he said.

While Lookout's cross-platform security products already have a broad reach -- the company estimates it's used in 50 percent of the Fortune 500 -- Knox's reach is still limited.

"It's only available on a few devices from a single manufacturer," said Dave Amsler, president and CIO of Foreground Security. "The whole point of BYOD is letting employees choose what type of device to use."

And despite Lookout's wide adoption, Amsler said: "It's not yet clear what sort of enterprise features will result from this Samsung-Lookout partnership. Without centralized monitoring and control, it will be hard to get enterprises interested."

Nevertheless, the Samsung-Lookout partnership should have a positive impact on Android's sketchy security reputation. "It will work for Android's benefit because it adds a layer of security for the Android platform," said Berk Veral, a senior product marketing manager with EMC's RSA.

"Android has a reputation that it's not as safe as other operating systems," he added. "Now, phones coming with this software will make companies feel a little bit better about letting their employees use Android-based devices."

Tom Stitt, director of product marketing at Sourcefire, said the move could also have a wider impact on the Android ecosystem. "It will open up a conversation around security at the mobile device that will allow for broader adoption of BYOD devices into places where they may be restricted today," he said.

Incorporating more security into its mobile platform is a savvy move by Samsung, but it misses the bigger problem facing the mobile world, maintained Tom Kellermann, vice president of Cyber Security for Trend Micro.

"It won't stem the wave of mobile attacks that are growing in their virulence and sophistication," he said in an interview. "It's a strategically astute move, but this isn't a panacea by any means."

"If I can attack the browser on the device, if I can attack an app on the device, I can constantly circumvent any kind of MDM capability that you can fit on a device," he maintained.

However, there are others who believe Android security risks to be exaggerated. "The chances of the average consumer going about their business and getting infected with malware are pretty low," Ciaran Bradley, vice president for handset security products at AdaptiveMobile, said in an interview.

"I've seen this cycle before," he explained. "In 2004, 2005, all the big anti-virus companies all produced software for Symbian smartphones. It very quickly petered out because people soon realized that the risk wasn't that great so they really didn't need anti-virus software on their phones."

"I think there's a case of that again with Android," he added.

"Yes, there's malware out there," he said, "but the chances of you getting it are low if you stick to Google Play and you're not trying to download pirated apps or looking for cheap apps from untrusted sources."

Copyright © 2013 IDG Communications, Inc.
