The Evolution of Enterprise Mobility

For more than a decade, the core problem in enterprise mobility has been the same: how do you protect sensitive mobile data without taking control of a personal device? Well...our first answer was MDM and MAM. In the early 2010s, they gave us remote wipe and containerization to manage the BYOD boom. But the model was flawed from the start. Employees resisted device surveillance, corporate data still lived directly on the phone, and every OS update created a new compliance headache. The security landscape was changing faster than these tools could keep up. We needed a radical new idea. This led to the first generation of Virtual Mobile Infrastructure (VMI).The idea was revolutionary: run the entire mobile operating system in a secure cloud environment and stream only pixels to the phone. The phone became a window, not a container.Early VMI proved that true isolation was possible. But with slower networks and less mature cloud infrastructure, the timing wasn't quite right.

Then came the next wave of sophisticated mobile threats—Zero-click exploits, advanced malware—exposing just how vulnerable MDM containers really were.The market finally knew the truth: MDM was trying to make insecure devices less insecure.

This set the stage for the modern era. From 2020 onward, the rise of Zero Trust perfectly aligned with VMI.Zero Trust demanded we Never Trust the Device. And VMI was the only solution that could guarantee it. Why? Because the data never leaves the secure environment. This brings us to today. The new generation of VMI—led by Hypori—has solved the remaining limitations. We deliver fully virtualized environments with hardened isolation architecture. No corporate data at rest, and no visibility into personal activity.  This is the new standard for compliant BYOD in defense, healthcare, and finance. The future is clear. MDM will exist for corporate devices, but VMI is poised to become the dominant approach for secure BYOD.The future of mobility isn’t managing devices. It’s eliminating the need to manage them at all. Find out why VMI is the new standard.

So, Jared, thanks for joining us. I know that with zero trust, one of the big things is making sure that no matter where somebody is in an agency, they have access to the data on their edge devices in order to fulfill the mission. So given your role and what Hypori does, I'm wondering, what does zero trust on edge devices look like in practice, especially when you are protecting sensitive and classified data?

Sure. So, I mean, of course, the last part is the hardest part, which is, like, protecting sensitive and classified data. Of course.

You know, we we talk a lot about zero trust. It's obviously why we're here. I I would say we're past the Wright brothers' age of of flying, in zero trust, but I don't think we've quite broken the sound barrier yet. And I I think as the previous panel pointed out, you know, that this is a constant evolution and growth that we're gonna have to continue to work towards. One of the things that often is the last thing considered, ironically, is the now, I think, the largest attack surface that's out there, which which is, I think, the one thing that's probably everybody in this room is carrying with them, is a mobile device. It's also the preferred method of connection for just about everybody when they're on the move.

It is not necessarily a remote workforce as the current administration has pointed out. It's more the idea of a flexible workforce that can access technology or data from anywhere.

One of the things that we also try to point out is, like, zero trust is not controlling the edge device. Zero trust is protecting the data and verifying that the individual who has access to the data is supposed to be the right person with the access to the data, to the right data, and ensuring that nobody else has access to it. That's a two way street in that it it's not just protecting the data that the individual is trying to access, it's also protecting the individual and the individual's data. So it becomes a privacy argument as well.

So talking about the data, what does it mean to be a good steward of the data as part of zero trust, and how does that enable stronger security inside agencies?

Well, I mean, we could probably go on for a couple hours and talk about that. Everything from how you tag data, how you allow access to data, where data is, you know, is originating from, where it's going to. But in in Hypori, one of the main things that we do, if if any of you don't know what Hypori is, it's essentially a highly secure virtual cell phone. So that means rather than data ever being on your phone, you're actually using your phone to interact with data, but never actually be in possession of data.

And so the the the beauty of that is is that the data never actually leaves your enterprise. It only streams pixels of the information to the edge device, allows you to interact with it as if you were in possession of it, but never actually be in possession of it. So we think being a good steward of that data is ensuring that it's never exposed to what, from a Zero Trust perspective, we assume the edge device is already compromised. Right?

So that assumption of the edge device being compromised is one of the most fundamental things. And then inversely, I also protect the user or the the person accessing the data from overreach of the enterprise. Right? So the enterprise doesn't need to know what's on the user's personal phone.

And inversely, the user, regardless of what they have on their personal phone, shouldn't be able to compromise or sacrifice the enterprise's data.

So how does that work with CMMC? Like, how do you help security contractors reframe their mindset when it comes to meeting CMMC and, you know, thinking about it as a security imperative rather than just something they need to do from a compliance standpoint?

It's it's one of those things, you know, being a guy who's a multiple serial entrepreneur who started a couple of companies. I'm sure there's at least a couple of people in here from the defense industrial base.

A lot of us, I think, when we first saw CMMC come out, we said, oh, god. This is a burden. Right? This is this is BS compliance stuff that we're gonna have to do that's not necessary.

But I I guess I would push you to remember that if you guys have ever seen the the Chinese joint the version of the joint strike fighter, looks a lot like ours. It wasn't because they hacked the Department of Defense network to get that data. They hacked the contractor's network to get that data. Right?

And and if you look at the the the transfer of IP or intellectual property to China, it is almost all been through theft, and that theft has largely not originated on government networks. It's it's been in the periphery of government networks. So developers, contractors, people who are doing that. Because if you think about the next great breakthrough of AI is not gonna be done by the US government.

In fact, it probably won't even be done by Google or Microsoft or AWS. I'm sorry for any of the guys that are the bigs in here. But it'll probably be done by, like, three guys and a gal in a garage somewhere who have a good idea, and they're gonna come with something that's gonna be breakthrough technology, and they're gonna be able to bring this and help change the way that we do business from a mission standpoint.

And but the problem is, you know, what they don't have is they don't have easy access to a way in which to protect and secure their data. So so Hypori from a CMMC standpoint, what we tried to do is we tried to turn out just a turnkey mechanism in which you can allow your employees to have access to that CUI level protected dataset, from any edge device, but without without risking your employees' privacy or employees' device and without you having to significantly scale your infrastructure. So everything from a regulatory standpoint shouldn't be an add to an infrastructure. Otherwise, it's just not scalable.

What are some of the other compliance hurdles do you think that, contractors and agencies need to think about, especially when you're talking about sensitive data on a mobile device? Like, I hear that phrase, and I I kinda shudder myself that I could have access to even just like, I think about it when I'm just doing my job and I can access a Google Docs on my phone. Even that makes me nervous from the standpoint of all the other things on my phone. God forbid, what's on, a government device when you're dealing with sensitive data. So what other compliance regulations, do you think that contractors and agencies have to work through when thinking about that mindset of access accessing sensitive data on a mobile device?

Sure. So I mean and I think most of us who are practitioners know, if you're in the cyber world, compliance is not security. Right? It's just compliance.

Security is an active state of of defense that you have to do. Me being an old knuckle dragger, right, you know, you know, having being armed and wearing body armor does not mean that you're a warfighter.

Being proficient on the battlefield and being able to engage the enemy means that you are.

So from from a data standpoint, we have to assume, I mean, I think everybody here has at least one cell phone on them. If you have two, Hyperi can help you by the way, but if if you have one cell phone on you right now, then you have an attack surface that you're carrying with you everywhere. If if you don't think that TikTok is an attack surface, it's because you're not paying attention.

If you just go read their disclaimer by itself, it openly tells you that TikTok collects not just its information, but every other messaging platform that's on your phone. Right? And so you start to tie that into activities, locations, behaviors, etcetera.

I mean that's a nation state sponsored influencing tool, right? Well what about deep seek? What about every name the unvetted technology that your seventeen year old kid is gonna download to your phone when you're bored and where they're bored or at two o'clock in the morning, right? So if we we don't consider the fact that the Edge device is an attack surface then then we're not paying attention.

So what's the best way to to mitigate that? Don't allow data to exist on the Edge device, right? Don't stream it so it doesn't get intercepted. I don't know if you guys saw the FCC report a couple years back.

They identified two thousand three hundred Stingrays in this area, in the DC metro area, and they didn't know which agency they belong to. And they actually figured out that for the most part they don't belong to agencies. There are other people who are standing those up. Those you don't know what a Stingray is, a Stingray is something that pretends like it's a cell phone tower, it gets your phone to actually associate to it, and it can then replicate all the data off of that that you're either transmitting or receiving.

So the thing that decision makers are using every single day to interact with is that mobile device. And the best way, in some ways, to protect that is just don't let data be there. Right? Allow you to interact with data, but not be in possession of data.

That's kind of our approach to that. And I think from a CMMC and even from a classified standpoint, I mean, I think we're us and DISA are running head and head for how many classified mobile devices there are out there. And, our key principle is that because there's never actually data on the Edge device, if you lose a mobile SIPR device, you didn't lose SIPRNET. You didn't lose classified data.

So that that's, it's a big reason why we're actually used internationally as well.

So I know we could talk about this for hours, but I'll give you sixty seconds. If you're a smaller, contractor and, you know, you're worried about the nation state adversary, whether it's TikTok, Stingrays, anything else, in between. What else can you do to secure your devices to make sure that you're not the next contractor that is leaking IP overseas?

I mean, there's there's obviously I'm sure a lot of the panels are gonna talk about it. There's a lot of things that you have to worry about. About identity, you have to worry about access, you have to worry about how you protect your data, you have to worry about your infrastructure perimeter, where your data goes, how it goes. But from a mobile standpoint, which is, I think, why I'm here, from a mobile standpoint, you know, Hyporia obviously can provide that as a service for, especially if you're a small medium sized business.

That was kind of the envision was for us to to help you not have to add infrastructure to your environment and to make something like CMMC or compliance or more importantly, being able to protect the mission, a achievable thing from a small medium sized business. If you guys are interested, come see us, we'll be over there in the corner. But it it fundamentally, from a zero trust standpoint, just remember that it's our responsibility not just to protect data, mission data, but it's also your responsibility to protect your employees information and your employees' privacy. And and that is a double edged sword, and it's something that's hard for us to strike a balance with.

Great. Jared, really appreciate your insights.

Appreciate you guys having me.

‍