The President's Next Cellphone
Almost four years ago, my company co-founder and I sat in a nondescript hotel in Maryland meeting with two senior technical executives from the National Security Agency (NSA) to discuss classified mobility. We initially focused on how to install a few specific apps onto classified phones, but as the meeting unfolded, it became obvious the government struggled with a broader challenge of securely managing all mobile apps across classified networks. In the news media, we read with interest about proposed options for the President’s next cellphone or devices used by the nation’s senior leadership. Despite all the commentary, very little of this speculation came to fruition.
For example, some predicted government special phones would be the future for the BlackBerry, which they predicted would maintain a sizeable market cap. In reality, every government organization, except for the U.S. Special Operations Command (SOCOM), has been trying to find a path off of BlackBerry. The winner will likely be Samsung, which invested aggressively to win the classified mobility endpoint market—surprising me and probably others, since the entire classified mobility device market opportunity is probably smaller than a daily tally of commercial devices.
No matter the manufacturer, owning a classified smartphone is meaningless if you have to lock it down to the point it becomes a "dumbphone" with essentially the same functionality as mobile devices from two decades ago. This is the current state of classified mobility across the government—voice and basic email. It’s not what senior leaders want. They want apps just like everyone else, but their (justified) level of paranoia has neutered most mobile devices.
Why is that?
Well, let’s return to the meeting with the NSA tech executives. The government faces two key challenges, the first being with data at rest. A lost phone, even with crypto keys embedded, could be exploited to get the data off of it. Think “sophisticated nation-state,” not bored teenager. Then there is attestation, the magical term that means, “How do I know there are no viruses on it?” or “How do I know it has good state?” Turns out, attestation is really hard on commercial mobile devices, as they typically have no root of trust, the technical method to determine if anyone has tampered with the device.
The phones do not have enough CPU and battery to conduct anti-malware analysis. The secure mobile environment portable electronic device (SME-PED) was an attempt to solve the challenges by creating an encrypted phone. The program cost approximately $20 million, putting the cost per device around $4,000. The device offered email and phone calls (on two different networks), but weighed nearly as much as a brick and the battery life was minimal. Ultimately, officials never disclosed the actual number of SME-PEDs deployed, but rumors suggest the figure never crept above 1,000, with the number used regularly far smaller.
While the SME-PED initiative was short-lived, it succeeded in serving as the catalyst to the NSA’s Commercial Solutions for Classified (CSfC) program, which leverages highly tested, commercial technologies instead of competing against them. One of the latest solutions to gain approval from the CSfC program is virtual mobile infrastructure (VMI), which offers a “mobile first” thin client that keeps data and apps in the cloud, away from the mobile endpoint. This solves the data at rest challenge (there isn’t any) and helps with attestation because there are significant security techniques implemented in a virtualized cloud environment that cannot be done on a mobile endpoint.
VMI also provides users with the native apps, smartphone feel and general user experience they have come to know from their mobile device and common apps. Users are not saddled with a locked-down version of apps. With remote access to sensors such as touchscreen, microphone, camera and GPS, the virtual smartphone and its apps can “feel” just like a real one—with access to email, chat, voice calls, photos, video conferencing and even Angry Birds. But all of the apps are “pixel streamed” across the network, like watching Netflix.
So what will be the President’s next cellphone? What about for the secretary of defense or chairman of the Joint Chiefs of Staff? The secretary of state? Special operations forces? The best bet is virtual smartphones running commercial mobile apps from a government-hosted data center. And they can get it today—not five years from now when senior leaders are retired. The approach is not just answering the challenges facing the government, but will quickly become the choice for enterprises. The same “easy” button that works for classified mobility also works for bring-your-own-device in the enterprise. Virtual desktop infrastructure (VDI) is used by 99 percent of Fortune 500 firms, and the same will become true for VMI. In the end, every knowledge worker will have a virtual mobile device running in the cloud. It might have all the work content; it might only have more sensitive apps and data. It might be owned by employers, customers or service providers. By removing risks associated with data at rest and attestation, this approach quickly is becoming the new face of enterprise mobility.
Justin Marston is CEO and co-founder of Hypori, responsible for the company’s overall business strategy, operations and long-term vision. A seasoned entrepreneur and technology innovator, Marston previously served as founder and CEO at BlueSpace Software, where he developed trusted virtualization security solutions for the defense and intelligence communities. He holds multiple patents, is a published author and a frequent speaker who has presented at numerous international defense and entrepreneurship conferences. He holds a master’s degree in chemistry from Durham University and is a fellow of the Royal Statistical Society.