How Hypori Halo Addresses the 5 Pillars of Zero Trust
In today's digital age, traditional approaches to cybersecurity are no longer sufficient. With cyber threats becoming increasingly sophisticated, organizations must adopt a new mindset to protect their assets and data. Enter zero trust architecture – a revolutionary approach that challenges conventional notions of network security. Federal requirements mandate zero-trust adoption by 2027.
What is Zero Trust?
At its core, zero-trust architecture is a cybersecurity model based on the principle of "never trust, always verify." This means organizations should not automatically trust anything inside or outside their perimeters and must verify anything trying to connect to their systems before granting access.
Another way to think about zero trust is to assume that everything is or will be compromised, especially mobile devices. It is not an “if” but a “when” it will happen. This is the premise on which Hypori Halo was developed.
What are the 5 Pillars and how does Hypori Halo address them?
Zero trust is made up of five pillars:
Identity
Device
Network/Environment
Application Workload
Data
Identity:
Hypori leverages the customer's Identity, Credential, and Access Management (ICAM) principles to manage identity, ensuring secure access to its services while integrating seamlessly with the existing software infrastructure. This means that Hypori uses the identity information that the customer’s existing software requires.
In more detail, Hypori issues a certificate to authenticate the user within their cloud environment once the user has gone through that specific customer’s ICAM process. The End-user ICAM is managed by a Lightweight Directory Access Protocol (LDAP) connection to the customer’s network via a unique certificate on their device.
*For even more context, ICAM refers to the process of managing digital identities, credentials, and access rights within an organization's network or system. It involves verifying the identity of users, providing them with appropriate credentials (such as usernames and passwords or certificates), and controlling their access to resources based on their roles and permissions.
Device:
Developed under the assumption that all devices are compromised, Hypori Halo completely eliminates the phone or edge device as an attack surface by not trusting it.
Hypori Halo uses Federal Information Processing Standards (FIPS) 140-2 validated components for key protection and Transport Layer Security (TLS) 1.2 encryption to only send encrypted pixels to/from the edge device, meaning there is no data ever in transit (digital information moving back and forth to the phone) and no data at rest (information stored ON the phone). This also creates total separation of data between the personal apps and data on the physical device and the organizational data accessed with Hypori Halo. Users and their organizations need not worry about the crossover of information – so the user’s privacy is kept intact, and the organization doesn’t have to worry about their intellectual property (IP) being vulnerable.
Hypori takes the physical device out of the zero-trust equation – so there is no risk if the phone is lost, stolen, or hacked.
Network/ Environment:
We look at the network in two ways – external and internal.
Externally, we ensure that no data is ever in transit by only allowing encrypted pixels to be streamed across the transport. We also eliminate security vulnerabilities associated with VPNs and encode telemetry data from the edge device to the customer’s instance in the cloud.
Internally, we adhere to the following security standards: AWS’ design guides for GovCloud, Department of Defense (DoD) Impact Level 5 (IL5) and IL5 Cloud Authorization To Operate (ATO), Impact Level 4 (IL4), NIAP (National Information Assurance Partnership) Common Criteria Certification, Security Operation Center (SOC) Type I and Type II and Federal Risk and Authorization Management Program (FedRAMP) Moderate equivalency (High coming Q4 of this year). Additionally, Hypori includes more than 400+ security controls during implementation.
Application Workload:
Let us first understand what application workload is - application workload refers to the computational tasks or processes that an application performs within an organization's IT infrastructure. This includes any software applications, services, or processes that handle data and perform tasks to support the organization's operations.
As mentioned before, each Hypori Halo device is completely isolated from the physical device so no actual workload data leaves the security boundaries and all lateral movements are prohibited. Due to the security measures and controls Hypori has in place, Hypori Halo has passed multiple DoD Red Team tests and it has been forensically proven that no data is stored on the device.
Hypori continuously verifies and authenticates every request or interaction with application workloads, regardless of whether they originate from outside or within the organization's network.
Data:
All four of the previous pillars have touched on data in some capacity – i.e. no data in transit, no data at rest, no overflow of data outside of the security boundaries. At all times, Hypori Halo ensures that all data remains secure in the customer's cloud instance. Users can access and interact with authorized enterprise resources, like email, team, and other productivity apps, while maintaining secure cloud storage of the apps and data.
Next Steps & Getting Started
Organizations looking to expedite the implementation of a zero-trust approach to their remote employee program should seek out validated, zero-trust solution providers like Hypori Halo, used by the DoD and other government agencies as their mobile workplace solution. As a technology that was zero-trust before the term was even coined, Hypori Halo was developed out of the need for defense personnel to communicate sensitive information on compromised devices.
In conclusion, zero trust architecture represents a paradigm shift in cybersecurity, offering a proactive approach to defending against modern threats. By adopting a "never trust, always verify" mindset and implementing robust security measures, organizations can enhance their resilience and protect their valuable assets.
