Late last month, Hypori was the first virtual mobile infrastructure (VMI) provider to obtain the “difficult” Federal Information Processing Standards (FIPS) 140-2 Level 1 certification for cryptographic modules from the National Institute of Standards and Technology (NIST).
The certification approves Hypori’s virtual mobile device (VMD) as a method for federal civilian agencies, intelligence communities and military branches to secure data and applications that would otherwise be vulnerable when stored on a physical mobile device.
In July 2016, the company was granted a Small Business Innovation Research (SBIR) Phase II contract by the Department of Homeland Security (DHS) Science & Technology (S&T) Directorate that allowed “key capabilities [be] delivered as part of S&T investments to secure mobile apps and data against modern-day cybersecurity threat vectors.”
S&T awarded Hypori the SBIR Phase II contract to expand its virtual mobile infrastructure platform in ways that address government needs and requirements.
Vincent Sritapan, program manager for S&T’s Cyber Security Division, told Homeland Security Today Wednesday, “Virtual mobile infrastructure with Bluetooth access control, as combined by Hypori, is the first solution of its kind to bring the full functionality of a virtual mobile device together with all the smart features mobile devices offer today. For DHS S&T, it takes virtualization to new heights, enabling missions using special purpose equipment that relies on Bluetooth communications, while incorporating management, security and ease of use benefits. With these new virtualization capabilities, users can securely connect to the various sensors on a mobile device (including secure voice) and make use of Bluetooth technologies needed to accomplish their missions.”
Sritapan also revealed, “DHS S&T is piloting and plans to further implement virtual mobile devices with Bluetooth access control to support our many missions that protect the homeland security enterprise. We cannot name specific components, but we definitely have high hopes for various use cases, including enabling state and local organizations that work with DHS, granting multiple users access on the same device, and even international travel where no resident data should be risked on the device.”
“The breadth and number of government, defense and homeland security scenarios that could benefit from virtual devices is remarkable, so we’ve been grateful to have the DHS S&T as an innovation partner for the last year or so,” Sanjay Challa, director of product at Hypori, told Homeland Security Today. “They’ve helped inform our understanding of how features and capabilities map to specific use cases, which has in turn allowed us to focus and prioritize improvements to our secure virtual devices. The recent Bluetooth capabilities we added to our platform are a tangible example of how collaboration with the DHS S&T is helping us continue to build a more compelling and relevant solution.”
Challa added that, “The appeal of a technology that allows end users to work from a mobile device with the same native experience they’re used to – but with all data and apps residing in a secure data center or cloud rather than on the vulnerable mobile device itself – becomes obvious for diplomats, military command, intelligence agencies, first responders and other government officials. There’s no risk of data loss or systems being infiltrated if an end user loses a device, has it stolen or happens to get hacked. The physical device is simply a thin client that can be easily replaced without putting sensitive assets at risk. That combination of reliability, simplicity and security was paramount to getting the DHS S&T on board with the technology.”
Hypori said, “Law enforcement agents at ports of entry or airports can securely connect and use Bluetooth headsets and scanners with apps residing in the Hypori virtual mobile device, while keeping other unsafe, unapproved Bluetooth devices commonly found in airports from connecting … Regionally, first responders can rely on Hypori to securely use mobile devices when reacting to emergencies without the liability of storing any sensitive apps or data on the physical mobile device.”
And, “Beyond US borders, government representatives traveling to high-risk foreign locations can turn to Hypori’s technology for mobile access while eliminating the threat of data loss resulting from their physical mobile device getting stolen or hacked. There are also defense applications for Hypori’s technology in securing tactical mobility, where field operatives have a mobile solution with no data at rest that can be used to communicate with central command.”
“This technology presents an opportunity for government to securely connect with first responders to support the Homeland Security Enterprise,” said Acting Under Secretary for S&T Dr. Robert P. Griffin, Jr. “This enhancement will ensure data privacy and interoperability with device peripherals used in the field such as vehicles or other special purposed equipment.”
Hypori virtual device’s FIPS 140-2 certification “is the latest in a long line of certifications and validations from federal standards bodies, regulatory agencies and research partners,” the company said, adding, “It follows a Common Criteria for Information Technology Security Evaluation certification from the National Information Assurance Partnership (NIAP) and inclusion of the Hypori client on the National Security Agency (NSA) Commercial Solutions for Classified Program Components List.
Hypori is also the only VMI vendor to meet requirements for the NSA Mobile Access Capabilities Package.
The company said, “This most recent FIPS certification for the virtual device complements the same level of certification for the Hypori client and a FIPS 140-2 compliant mode for the Hypori server, during which the server only uses FIPS 140-2 cryptography.
“The needs and requirements specific to federal agencies are complex but also paramount to national security and keeping our government operating efficiently,” said Bill Moore, director for public sector at Hypori. “We’ve been particularly homed in on ensuring that every facet of the Hypori platform, from end to end, meets those requirements, making us the only legitimately certified option for government agencies of every type and tier.”
Hypori referred to Lookout, Inc.’s report, Federal CIO Insights: What’s Next in Mobile Security, to point out that “government agency leadership, CIOs and IT organizations are increasingly understanding the benefits behind virtualizing mobile devices to run applications and process data in remote data centers or the secure cloud.”