Security notice regarding storage and search behavior for PII
Last updated November 17th, 2023
Environment
- Samsung Knox solutions and services
Overview
In the Knox cloud service 23.12 release, the Samsung Knox Team is implementing a critical security update to how personally identifiable information (PII) is stored at rest on Knox infrastructure. PII data will receive an additional layer of encryption in compliance with internal security policies at Samsung, which dictate a higher security standard than that required by legislation across our various global markets. With this new encryption layer, the attack surface of your business and end-user PII is further minimized.
Starting with the 23.12 release, the corresponding back-end changes immediately affect search in all Knox cloud services: on the central Administrators & Roles page, and on individual services’ User, Group, Device, History, and Activity log pages.
Impact
The following database fields, which are treated as containing PII, are affected:
- Personal name
- Phone number
All other fields are unaffected.
The impacts are as follows:
- To search for any of these fields, you must enter the entire identifier. In other words, partial searching is no longer supported. Partial searching means searching for incomplete segments, or sub-strings, of a field. For example, you could previously search for all admins with the term Al to retrieve all first names that started with those two letters, such as Ali, Alex, and Alexandra. As another example, if prior to 23.12 you searched by email domain to return all accounts of a particular division, such as @support.example.com to return both alex@support.example.com and ali@support.example.com, you must now search by their complete addresses instead.
- Sorting the search results for these fields is no longer supported.
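One common way to keep an encrypted field searchable is a keyed "blind index" stored beside the ciphertext. The following is an added example, not Samsung's code, and this notice does not state which mechanism Knox uses. It shows why such a design permits only full-value, case-sensitive matches and no meaningful sorting; `blind_index`, `PiiSearchIndex`, the key, and the sample admins are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real deployment would hold it in a KMS or HSM.
INDEX_KEY = bytes.fromhex("00" * 32)

def blind_index(value: str, key: bytes = INDEX_KEY) -> str:
    """Keyed digest of the complete field value. No normalization is applied,
    so matching is case-sensitive and whitespace-sensitive."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()

class PiiSearchIndex:
    """Maps (field, digest) to record ids. Plaintext PII is never stored here;
    encrypting the field itself is outside the scope of this example."""

    def __init__(self):
        self._by_digest = {}

    def add(self, record_id: int, field: str, value: str) -> None:
        self._by_digest.setdefault((field, blind_index(value)), set()).add(record_id)

    def search(self, field: str, query: str) -> set:
        # Only a query identical to the stored value produces the same digest.
        # Digests are pseudorandom, so they also carry no alphabetical order
        # that could be used to sort results.
        return set(self._by_digest.get((field, blind_index(query)), set()))

def build_demo_index() -> PiiSearchIndex:
    idx = PiiSearchIndex()
    # Constructed sample admins; each name is one joined "First Last" string.
    admins = [
        (1, "Alex Kim", "alex@support.example.com"),
        (2, "Ali Khan", "ali@support.example.com"),
        (3, "Alexandra Lee", "alexandra@sales.example.com"),
    ]
    for record_id, name, email in admins:
        idx.add(record_id, "name", name)
        idx.add(record_id, "email", email)
    return idx

if __name__ == "__main__":
    idx = build_demo_index()
    print(idx.search("name", "Alex Kim"))               # full joined name
    print(idx.search("name", "Al"))                     # prefix only
    print(idx.search("email", "@support.example.com"))  # domain only
    print(idx.search("name", "alex kim"))               # different case
```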
Per-service search behavior limitations
Consult the following table for a breakdown of the search behavior for PII across Knox services.
The Samsung Knox team plans to implement additional modifications to search behavior in other interfaces and Knox services in 2024. The table below will be updated to reflect these changes as they are deployed.
Affected service | Affected areas | Search behavior |
---|---|---|
Knox Admin Portal | Administrators & Roles > Administrators | Searching for partial email addresses and partial personal names is unsupported. Sorting by personal names is unsupported. |
Knox Manage | Device User Group > Add Group > All Users/Devices History > Email & SMS History Setting > Android > Limited Enrollment | The first and last name are a single joined string. To search for a name, you must search for the full name, including the space between first and last names. Searching for email addresses and personal names is case-sensitive. Searching for partial email addresses, partial personal names, and partial phone numbers is unsupported. |
Knox Remote Support | Devices History Activity log | Searching for partial email addresses and partial phone numbers is unsupported. |
Knox Configure | Activity log | Searching for partial email addresses is unsupported. Sorting by personal names is unsupported. |
Knox Guard | Administrators and Roles > Administrators | The first and last name are a single joined string. To search for a name, you must search for the full name, including the space between first and last names. Searching for partial email addresses and partial personal names is unsupported. Sorting by personal names is unsupported. |
Knox Reseller Portal | Administrators & Roles > Administrators Activity log | The first and last name are a single joined string. To search for a name, you must search for the full name, including the space between first and last names. Searching for partial email addresses and partial personal names is unsupported. Sorting by personal names is unsupported. |
Knox MSP Portal | Administrators Activity log | The first and last name are a single joined string. To search for a name, you must search for the full name, including the space between first and last names. Searching for partial email addresses and partial personal names is unsupported. Sorting by personal names is unsupported. |
Ongoing support
If your enterprise needs help with these changes to functionality, please submit a support ticket.
If you’re participating in UAT, follow these instructions:
If you’re a regular customer, follow these instructions instead: