In recent years, the demand for secure and compliant bring your own device (BYOD) solutions has increased significantly, particularly for defense contractors handling Controlled Unclassified Information (CUI). Hypori Halo has emerged as a promising solution to enable BYOD for the Defense Industrial Base (DIB) while adhering to CMMC 2.0 requirements. In this article, we will discuss the benefits and limitations of Hypori Halo and provide an objective analysis of its capabilities, potential cost savings, and the responsibilities of defense contractors in properly implementing and maintaining this solution.
Hypori Halo is a secure virtual workspace that allows users to access CUI from their personal devices without ever storing sensitive data on the devices themselves. It employs FIPS 140-2 validated cryptography and TLS 1.2 encryption, and supports PKI credential-based multi-factor authentication to ensure secure communication and data protection. Hypori Halo is an agentless app that guarantees 100% separation of personal and corporate data. It can be used on Android, iOS, or Windows 10 devices.
Department of Defense (DoD) Approved
Hypori Halo is the only tested and certified bring your own device (BYOD) platform used by the Department of Defense (DoD). As a result, the U.S. Army initiated a Phase 3 pre-production pilot. The pilot aims to assess Hypori Halo's scalability as a zero-trust BYOD solution for the Army, Army National Guard, and Army Reserve. In an interview with Federal News Network, Army National Guard Chief Information Officer (CIO) Kenneth McNeill said, “I’ve turned off my government device, and I’ve been working solely with this solution.”
“It works!” US Army CIO Dr. Raj Iyer speaks to his deputy CIO Lily Zeleka over Teams running via the Hypori application on his own device.
CMMC 2.0 Requirements
The following chart provides a clear and concise summary of the critical NIST SP 800-171 practices, their descriptions, and how Hypori Halo can support defense contractors in meeting these practices. This information will help you better understand the potential benefits of Hypori Halo for your organization's BYOD program and overall CUI security.
NIST SP 800-171 Practices | Description | How Hypori Halo Helps Satisfy the Practice |
3.1.1 | Limit information system access to authorized users, processes, or devices. | Provides a secure virtual workspace, integrating with existing access control infrastructure and ensuring only authorized users/devices can access CUI. |
3.1.16 | Authorize wireless access prior to allowing such connections. | Integrates with existing access control infrastructure, ensuring that only authorized wireless connections can access the virtual environment. |
3.1.17 | Protect wireless access using authentication and encryption. | Supports strong multi-factor authentication and uses encryption protocols like TLS 1.2 to protect data transmitted over wireless connections. |
3.1.18 | Control connection of mobile devices. | Enables the organization to control and monitor the connection of mobile devices through the secure virtual workspace. |
3.1.19 | Encrypt CUI on mobile devices and mobile computing platforms. | Ensures that CUI remains encrypted within the virtual environment, preventing sensitive data from being stored on mobile devices. |
3.13.8 | Implement cryptographic mechanisms to protect CUI during transmission. | Uses encryption protocols like TLS 1.2 to protect data transmission between the user's device and the virtual workspace. |
3.13.11 | Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. | Employs FIPS 140-2 validated cryptographic mechanisms to ensure the confidentiality and integrity of CUI. |
3.13.15 | Protect the authenticity of communications sessions. | Uses multi-factor authentication and secure communication protocols to ensure the authenticity of communication sessions. |
3.13.16 | Protect the confidentiality of CUI at rest. | Stores CUI securely in the virtual environment, ensuring that no sensitive data is stored on the user's personal device. |
Contractor Risk Managed Assets (CRMA)
BYOD devices leveraging Hypori Halo have the potential to be categorized as Contractor Risk Managed Assets (CRMA). By achieving CRMA status, these devices are not required to be physically or logically separated from CUI assets and are not assessed against the CMMC Level 2 practices. However, it is essential to note that BYOD devices will still be in the CMMC Level 2 assessment scope and must be documented in the asset inventory, the System Security Plan (SSP), and the network diagram. Additionally, these devices will be assessed against the CA.L2-3.12.4 practice.
The key to attaining CRMA designation for BYOD devices is ensuring that Hypori Halo is correctly implemented and integrated into an organization's security infrastructure. By doing so, defense contractors can strike a balance between enabling a more flexible and cost-effective BYOD approach and maintaining compliance with CMMC 2.0 Level 2 requirements.
Privacy
Hypori Halo stands out as an innovative solution to address the privacy concerns associated with traditional Mobile Device Management (MDM) solutions. While MDMs typically require access to employees' personal data on their devices in order to secure corporate information, Hypori Halo takes a different approach that resolves potential privacy liabilities.
By leveraging virtual mobile infrastructure, Hypori Halo creates a separate, secure, virtual workspace that is streamed to the employee's personal device. This means that all work-related apps and data reside within this virtual environment and never on the physical endpoint device itself. As a result, the solution ensures that CUI is protected while completely isolating it from the user's personal data.
Employees can confidently use their personal devices for work without worrying about their privacy being compromised, and employers can rest assured that their organization's sensitive data is securely isolated from personal data.
Cost Savings
One of the most significant advantages of implementing Hypori Halo for BYOD and CUI compliance is the potential cost savings compared to traditional Mobile Device Management (MDM) solutions or to purchasing and managing company-owned devices for employees.
Consider a scenario in which an organization has 500 employees requiring remote access to CUI, and compare the cost of providing each employee with a $1,000 company-owned mobile device (plus $300 per device per year for management, maintenance, and security) against Hypori Halo's estimated annual subscription cost of $200 per user.
Without Hypori Halo, the organization would face an initial investment of $500,000 for device purchases and $150,000 per year for device management, maintenance, and security. With Hypori Halo and a BYOD policy, the organization would only need to pay an annual subscription cost of $100,000.
In the first year, the organization could save $550,000 ($500,000 for device purchases and $150,000 for management, maintenance, and security, minus the $100,000 subscription cost). In subsequent years, the annual savings would be $50,000 ($150,000 for management, maintenance, and security, minus the $100,000 subscription cost).
These estimated savings highlight the financial benefits of adopting Hypori Halo for the Defense Industrial Base (DIB). The exact savings will vary depending on the organization's size and devices.
Defense Contractors' Responsibilities
To ensure the proper implementation and maintenance of Hypori Halo, defense contractors must:
Develop and enforce policies and procedures governing BYOD and CUI handling.
Provide regular security awareness training to employees, emphasizing the importance of adhering to BYOD and CUI handling policies.
Implement and maintain secure access controls, including user authentication and authorization.
Monitor and continuously improve the security controls in place, and conduct regular risk assessments.
Limitations
While Hypori Halo offers numerous benefits, there are potential concerns and limitations that defense contractors should consider:
Dependence on reliable internet connectivity for accessing the virtual workspace.
Continuous monitoring and maintenance are needed to ensure the solution remains compliant with CMMC 2.0 requirements.
Hypori Halo presents a promising solution for defense contractors seeking a cost-effective, secure, and compliant BYOD solution for accessing CUI. While Hypori Halo addresses multiple NIST SP 800-171 practices and offers numerous security features, defense contractors must ensure that the platform is correctly implemented, operated, and maintained.
It is recommended that defense contractors work closely with trusted certified CMMC professionals to address any outstanding concerns or limitations and invest in developing robust policies, procedures, and training programs to ensure the CUI remains secure. By doing so, contractors can not only reap the potential cost savings but also maintain compliance with CMMC 2.0 Level 2 requirements and contribute to strengthening the overall cybersecurity posture of the Defense Industrial Base.
Don't leave your BYOD implementation and CMMC compliance to chance. Contact Aspire Cyber's certified CMMC experts to help you implement a secure and compliant BYOD program. Our experienced team will help you navigate the confusing CMMC Level 2 requirements and tailor a BYOD solution to fit your organization's needs.