Samsung SAFE Seeks to Jostle RIM From Enterprise Security Throne

Using on-device encryption, mobile device management and support for enterprise grade VPNs, Samsung is hoping to move Galaxy from consumer to business users and in the process challenge RIM's dominance in secure enterprise mobile communication.

Samsung SAFE (Samsung Approved for Enterprise) reverses the €œconsumerization of IT€ trend by transforming the mobile device maker's smartphone handsets into devices that are secure enough for enterprise use.

Today Samsung will likely have an uphill battle in organizations that are satisfied with Research In Motion's BlackBerry Mobile Fusion, which can secure Apple€™s iPhone iOS and Android devices along with BlackBerry phones and the PlayBook tablet. However, the pressure to accept a diversity of end-user devices is increasing. In this light, Samsung SAFE devices have all the hallmarks of an enterprise-ready device that IT managers should put on their strategic plan for supporting mobile users who require secure communication on a Samsung handset.


Click here to see Samsung SAFE in action.

I used a Samsung Galaxy S III smartphone along with third-party mobile-device management (MDM) and VPN technology as well as Samsung€™s on-device 256-bit Advanced Encryption Standard (AES) encryption capabilities to see how SAFE works.

The first thing to take note of is that Samsung SAFE is a security designation that the handset maker uses to specify that some of its handsets are ready for use with third-party security products. Today, this means that handsets are designed to work with MDM systems from AirWatch, Juniper Networks, MobileIron and SAP€™s Afaria. Samsung is working with Cisco, F5 and Juniper for VPN support, and Microsoft Exchange ActiveSync for corporate email, calendar and contact information. All these third-party tools are wrapped up with on-device AES 256-bit encryption of both the phone and any removable Secure Digital (SD) card memory.

All in all, my work with Samsung SAFE shows that IT managers will benefit from starting pilots today to see how the €œapproved for enterprise€ capabilities of Samsung devices will fit in with future mobile communication plans to support user choice.

Device Encryption

The first thing I tested will also likely be the biggest stumbling block for Samsung SAFE: device encryption. Of course, it€™s a great idea to encrypt the contents of the phone and any removable media in the phone. And nothing is more counterintuitive to the user experience of picking up a smartphone and getting right to work. Tight security based on strong passwords is a pain no matter which mobile handset maker is implementing it.

For example, I encrypted my test phone, a Samsung Galaxy S III running Android 4.0.4 (Ice Cream Sandwich). As a result, I needed to enter a strong password when I turned on the phone from an unpowered state in order to gain access to the SD card (not a very frequent action) and also every time the screen was turned on using the power button (very frequent.) Entering this password was fine during testing, but I wouldn€™t want to do it in the course of a workday.