United States Air Force airmen and U.S. Space Force guardians could soon have the option of bringing their phones to work. Following the U.S. Army’s lead on bring-your-own-device (BYOD) efforts, the two services that are both part of the Department of the Air Force will allow service members to take part in the Hypori Halo Workspace Anywhere program.
According to a report from the Air Force Times, airmen and guardians will be granted access to government apps, email, NIPRNet, common access care (CAC)-enabled websites, and even “sensitive data” via personal devices – including smartphones and tablets. Hypori Halo Workspace Anywhere lives up to the moniker as well, providing that access in the office or on the go.
Jared Shepard, CEO and president of Hypori said about 50,000 Army enrollees have been using the platform, which provides access to Army 365 services.
BYOD Becoming the Norm
The U.S. military has been slow to follow the trend in BYOD devices, and for good reason. One unprotected mobile phone could be a weak link in a cybersecurity chain.
“This is a very big deal because the military obviously has to secure some of the most sensitive information imaginable so this needs to be done right,” said Paul Martini, CEO of zero trust security provider iboss.
“While service members in the Air Force and Space Force need to access information and data outside of their office or base on their personal devices, Zero Trust initiatives are needed to ensure secure connectivity and make sure highly-sensitive information isn’t lost or stolen,” Martini told ClearanceJobs. “Legacy cyber solutions that only verify the identity of the user are not enough because to truly secure remote users and devices, you need to inspect every request for information individually.”
As a result, service members may have had to carry multiple devices in the past – but Hypori will eliminate that need while ensuring data and access is fully compartmentalized accordingly. In addition, reservists and part-time members of the services will only be provided limited access to base networks.
“The program reflects the realities of our world,” suggested Morgan Wright, chief security advisor of cybersecurity provider SentinelOne. Work is something you do, not a place you go. The ability to perform many administrative and operational tasks allows personnel to work from anywhere. However, it has been constrained to only access the lowest level of sensitive information, CUI, Controlled Unclassified Information, and NIPRNet, the non-classified network. It consolidates the number of devices needed, controls costs, and improves audit and accountability.”
Hypori Halo Workspace Does Go Anywhere
The technology from Hypori could provide the ability for BYOD to extend to the military, in part because of how it is set up.
“Conceptually, Hypori provides a virtual desktop for the military to use, meaning that they have no federal government data on their devices,” explained Karen Walsh, CEO of cybersecurity provider Allegro Solutions.
“The Hypori operating system is virtualized, meaning that it’s distinct from the device’s OS so that any compromise of the device won’t impact the federal data,” Walsh told ClearanceJobs. “Essentially, all data that belongs to the government sits in this cloud environment which is distinct from anything on the device. You can think about it like the data version of a two-family house. The same house – in this case, the device – can provide access to two different residences. In the data case the user’s apps and the government data.”
A lost device would not grant access to the U.S. Air Force or Space Force data.
“A thief would need to break into both apartments separately, compromising different security controls,” added Walsh. “While the first-floor apartment might not have an alarm system installed, the second-floor might have an alarm system and security camera for additional protection. Similarly, by separating the user’s device from where the government data resides, an attacker would have to compromise the government’s Hypori environment rather than simply the user’s device to get to the federal data.”
The Future of BYOD and the Military
The technology from Hypori may open the way for more military personnel to use their personal devices, but there could still be some shortcomings warn experts.
“The most important thing to realize is that the type of controls available on a personal device simply cannot equal those on a device that is owned by the organization. This is largely due to privacy concerns that must be addressed in order for end users to be comfortable bringing a personal device into the workplace,” Michael Covington, VP of portfolio strategy at device management and security developer Jamf, told ClearanceJobs.
“BYOD is a fantastic concept and, when implemented well, can provide many benefits to the organization and the end user. The key is to understand that this is not an either/or decision,” Covington added. “Businesses should explore BYOD, embrace it where possible, but continue to offer tiers of services based on clearly defined device requirements.”
Concerns of unintended data leakage also remain, even as the content is largely maintained in the cloud.
“Forbes recently published an article about how a fitness app was exploited to track Israeli soldiers. The same thing happened to the U.S. Army four years ago,” cautioned Wright, who told ClearanceJobs “No matter how much QA review has been done, there will inevitably be a security issue that develops from an edge case not contemplated during design and testing in the field. However, it’s important to note the program is only voluntary—not mandatory. It offers significant cost savings and is essentially an app that opens a Remote Desktop.”
