Remote Work Through Mobile Virtualization #148 | Embracing Digital Transformation | Intel Business
Hello, this is Darren Pulsipher, chief solution, architect of public sector at Intel. And welcome to Embracing Digital Transformation, where we investigate effective change, leveraging people process and technology. On today's episode, securing the remote workers through mobile virtualization was special guest Jared Shepard, CEO of Hypori,Jared, welcome to the show. Thank you. I appreciate it.
Hey, Jared, tell my my audience I always like to know a little bit about who I'm interviewing and their background. Tell us a little bit about yourself and your journey to where you are today. Sure. I mean, it's an entertaining journey, I guess, because I'm kind of the anti CEO in a lot of ways, even though I've been doing it for 17 years. I was I was a high school dropout, knucklehead kid that was that was in trouble when I was young. I ended up joining the Army, served in the infantry.
I got to do some cool stuff in the infantry. Was a sniper for a while. I got to do some other, you know, fun stuff and hit a turning point in my life where, you know, ultimately it was, you know, do I want to continue to go down that road and maybe go into Special Forces or something similar? Or a buddy of mine said, Man, you should really get into it. And I was like, Well, it's why I make like $70,000 a year, like $70,000 a year. That's a lot of money. And so nonetheless, I ended up re-enlisting and becoming an IT guy and know, again, being a high school dropout didn't have a formal education.
So I learned it the informal way. And it's one of those places where you can get away with that right? You know where you can. Yeah. Yeah, you can. Absolutely. Absolutely. So I learned it in the Army and then I got out and and got brought right back because sure enough, you know, had gotten some of those really good certifications, you know, that informal education got brought right back as the Active Directory consultant to the third Armored Corps at Fort Hood, Texas. And then just by luck, we got tapped to go to war, and I ended up having to help the Corps plan with the invasion plans. And then ultimately I went to the war in Iraq and I got to build Iraq from scratch as a technical consultant in a team of about five of us.
Which of which three. Now work with me that builds Iraq from scratch. And so, you know, just my life is a long list of once in a lifetime opportunities. And so got that opportunity.
And then fast forward, my new boss was a guy named General Ray Odierno who who asked me to go find a predictive mining and modeling capability for premises based model. And I kind of said, huh? And, you know, he said, you know, you're a smart guy. You know, you'll be able to figure it out. You figure it out right. Back, back, back.
Then, you know, predictive mining, a modeling today, we call it AML. You know, I ended up being introduced to an organization that was standing up in the department fence called Giteau. I ended up being asked to come in as a consultant for them. I became the first acting j six for Giteau. Djokovic deployed again to Iraq, built the first go at downrange, and did so this time wearing my own shirt. So I started my first company called Intelligent Waves and that was almost 17 years ago.
We built the first coat, blood, sweat and tears, you know, designed to go after operational IED networks, you know, using it in advanced technologies. And then they kind of said, hey, could you do more of that? And so my company grew rapidly and we built lots of coats and other, you know, unique s-pen capabilities for the Air Force, etc., all of them deployed areas Iraq, Afghanistan, Kuwait, Qatar, Yemen, Syria, you name it. And and company grew. And along the way, I found a great technology called Hyper three that was was in a a failing startup that I stepped in and bought out bought the IP created as a built it in as a product inside of intelligent ways.
But then as I started to peel the onion on the potential of it, I realized, holy moly, this is going to be bigger than anything I've ever done before. So I started out as its own company and now I'm running that. Oh, what? You know that what you First off, I have to say thank you for your service. That it. Was, you know, and I think a lot of veterans feel this way. And obviously it means a lot to me.
And I also run a nonprofit called Worthy Ethos that helps veterans in transition out of the military that I started because I saw the need to help veterans in transition. But I would tell you that I think I feel this way. I think a lot of other veterans feel this way. It was my privilege because I got way more out of my service in the military than I'm sure the military got out of me. No, I, I doubt that very much. But again, thank you, though, for protecting, you know, our liberties here in the United States.
I really appreciate that. Also, one American story, high school dropout, CEO of two successful companies. You know, it was you know, it was funny, says one of my last boss when I started my company. It was a guy named General Ray Odierno. And Odierno is is a legend in the Army leadership community. He he replaced General Petraeus as a four star commander downrange in Iraq.
He was the guy that put me on that task to find a predictive mining model in capability. And when I had come and I said, hey, I think I want to start my own company to help this this thing happen. You know, he came and he put this this mob hand on my shoulder because he was a giant gentleman. We we lost in the cancer last year, fortunately, but. Not to. The the just this giant, you know, West Point lineman.
Right. And he puts this mob hand on my shoulders. Three star general, just a great individual. And he says, Jared, this is the American dream. He's like to have come where you came from because he knew my background.
Right. And to serve your country and now have the opportunity to to start your own company. He's like, I support it.
He's like, in fact, I'll I'll call Giteau and tell him I support it. And that's kind of what Greece this let's do this, kids, for me to to actually start my company now. What an awesome story. So, all right, let's dive into the into the subject today and let's go back to let's see if I can remember the day March 13th, 2020. Okay. Right.
It's when the world came crashing down. Yeah, right. I remember the day because it was Friday the 13th and we got a call from the the kid's school. There's no school today.
We're going to shut down because of this COVID. This little COVID thing will be down for about two weeks. That's what everyone said. What a black swan moment that completely changed the world. I mean, and I told you, I said, you know, my life has been a lifetime, a once in a lifetime opportunities.
I mean, I've just been purely lucky. So we had already committed I had already committed to the idea of what hyper it could be. And then it's almost like a a perfect summation of events, the fact that COVID hit nobody. Cause I didn't want COVID to hit and nobody wants.
No, no one. Wanted it. But the fact that it happened, it created a potential understanding and an opportunity for our technology to blossom into. Right. So before we get to technology, let's talk about it.
What it did was it forced people to start looking at remote work. And I remember I got calls from several different agencies in the federal government and in state government. What do we do? How how, how do we keep VPN up and running? That was the big thing, right? How how, how do we keep VPN up and running for 800,000 people. Right before COVID? If I had gone into a senior leadership meeting and tried to say, Hey, how are you going to allow your remote, your workforce to work remotely, like, how are you going to out, you know, service members walk out of the room right out of the room.
Now all of a sudden it's like everyone's like, oh my God, what are we going to do? Right? And it's still a problem, right? It's still how do I manage these remote workers? And one of the key aspects of managing them is securely managing them, right? How do I secure the remote edge? And it's it's my laptop, it's my phone, it's my tablet, it's whatever, whatever I have. And a lot of people move directly to like VDI. That was one of the things that they moved to. Other people went to the cloud and kind of a hybrid cloud like Office 365, where some of the data is on my laptop, but it's synched up into the cloud and and things like that.
But there's a whole bunch of security aspects around this. And then multifactor authentication became important, all these crazy things. But no one really tackled the problem that High poorI was really targeting. Sure.
Which I thought was when I saw your guys's product. That's pretty slick and that is how to use secure phones. All right.
So it's actually ironically, it's kind of more than that. So. Okay, all everything you said is is correct. But, you know, when I had my epiphany because I originally we weirdly built hyper as a product, but the idea was how can I get really, really, really secure communications and really, really difficult places, right? So the original idea of this was advanced military scenarios or intelligence community scenarios and difficult to be places, and this technology could help them accomplish their job. And and once we did that, we're like, wait a second, this is this is way bigger, right? And this is right before this is before quick hit, COVID hit. You know, we were like, man, this could be way bigger. And it's bigger not just in in the concept of, well, it's it's VDI for mobile, which is what some people who they try to kind of dumb it down and say that no it's it's bigger than that from like now we use the words like zero trust and we joke we were zero trust before.
Zero trust was a thing because our platform assumes the edge device is compromised, right? So rather than I like that rather than others zero trust approach, you know, other you know, large companies build zero trust approach, which is control everything, control everything, verify everything. We took the opposite approach, assume it's compromised. We assume the edge device is compromised. Thus I want to collapse the attack surface so that you don't have to manage the edge anymore.
You can manage your points of ingress and egress and defend those rather than defending all the edge devices that are out there. And then when you think about the virtual platform like VDI versus us, which some would say were virtual mobile infrastructure, which those of you who are watching who still don't know what we're talking about. Yeah. So Hyper-V is essentially a virtual mobile operating system. It's written around the Android open open source protocol with a whole bunch of NSA security protocols around it.
What it provides you is the ability to get to a dedicated operating system from any edge device. But the beauty of it is there's no data in transit and there's no data at rest. So that means the edge device does not present a threat. We assume the edge device is compromised, that we would never allow the software or middleware layers of the edge device to directly interact with the data that you're protecting. So by doing so, you're essentially making this or your tablet or your PC a dumb terminal that's access an information set inside of a secure environment. And and the implications of that are massive besides not having to defend the edge anymore, you also imagine, like what kind of compute can you put into this form factor? Well.
My you're limited by space and time. Yeah, you're limited by space and power. My operating system is running in a data center on Iraq. So that means that my mobile device is running on Xeon based Intel X86 processors that are going to outperform this little thing every day. And so now that compute bandwidth, all those things just smoke. What this form factor has the ability to support.
Now that's that that's that's pretty slick. So though so you let the genie out of the bottle already it's sorry. Well, I just figured we were going to be talking about stuff and people don't know. What the heck are they talking about.
Yeah. So it's actually pretty slick. The perception and I like your approach, which was the edge is compromised because phones are out in the wild, Right? We know that already. So what's going to prevent my phone? Let's say someone takes my phone, right? What's going to prevent them from just logging in? I, I mean and getting access to my virtual device out there in the cloud or in my data center or whatever the case may be. What's preventing them from doing that? I guess you use the the multifactor authentication on the devices themselves.
Depending on what you're doing. I mean, I mean, of course there's always a hygiene responsible for the user and that user hygiene that cyber hygiene is is generally manifested in a way. If you're going to deploy MFA, you're going to deploy, you know, I mean, like certain things like look, for one, I want you to always have a pen or use biometrics on your edge device to is. You then have to also authenticate against MFA to get into my, my virtual operating system. So when you start thinking about like multifactor first, you have to have the phone. You have to be able to get into the phone.
The phone has to actually have the correct external certificate to have access to my gateway. Then you have to authenticate against an MFA to get through my gateway to your virtual device. Okay.
So if someone's even just cloned my phone and they're still not going. To be able to go not going to do it. Absolutely. And all these keys reside in different tiers of secure key stores. So there isn't a single, you know, place that you could attack, that you could exploit our platform. And, you know, we really believe this is everybody says are secure.
Right. And one of the most important things that we did was in the Department of Fence. We invited them to prove whether we were right or not. And so you gave it to a red team. We've been through seven different Department of Defense red teams and most most recent couple were the Threat Systems Management Office and the director of Test and Evaluation, into which they briefed the DOD CIO and said, Hey, this is the most secure mobile platform we've ever tested today.
And they actually came out of it with zero significant security findings in any way, shape or form. Oh, that that's pretty cool. Now, the next thing that popped into my head around security, right, is if you're sending just bits, stream, you're sending stream back to back. In fact, not even a screen delta pixels.
So just change pixels. I'll just change pixels. So the beauty of change pixels rather than a screen scrape, like a rolling screen scrape, if I can decrypt that, I can see what you're looking. Yeah. Yeah, I can see what you're looking at.
But you're only sending deltas much harder. Are you encrypting that? Yes. Well, okay, so over the air, who knows what? It's encrypted. Garbage? Yep. And if you were. If even if you could. Real time decrypt 8 to 56 pixel stream.
By the way, if you can do that, the NSA would like to meet you. You can send me a note. I'll. Yeah. Yeah. It's a quantum computer I have running in my garage. You'll be both. But the if you could do that because it's delta pixels and that screen scrapes, all you get is moving blobs. So it wouldn't even have any value to you.
Yeah, yeah, yeah, yeah. Would only have where I put my mouse, my finger on the screen. Right. No, no that's, that's pretty, that's pretty slick as far as onboarding in how, how do, how do I take a large organization, 100,000 employees like Intel and say, hey, we're going to, we're going to move your phone instance on to an into this new new platform? Sure. Right. So because right there, right now and let's talk about phone secure right now. Right now I have something I think it's knocks on here.
Yeah it sounds like Samsung yeah. Yeah yeah Samsung Knox and my work stuff is in a secure area and my my personal stuff is in another so I'm not carrying around multiple phones I see people all the time carry on multiple phones. I hate it. So I just say container. That's containerization. And there's some challenges with containerization. So when you look at like MDM, which by the way, we can always go back to the covered to conversation too, because that became your earlier point.
That became pivotal for us to be an actual industry wide viable platform because it required people had to change the way they thought about the problem. Right? And COVID forced forced that change too. To your question about like either containerization or really MDM, right, Because lot number one, people say, well, look, you compete with yeah, no I don't because I'm not MDM. In fact I, I, I'm, you can use NPM to manage my platform if you wanted to, but I make it so that largely MDM is not necessary.
Yeah that that's really fascinating because what do you do when a phone gets stolen. Oh I've got to do MDM, right? Because I've got to brick the phone. So what we've found actually, so there are bad actors out there now that are, that they originated as military, bad actors, but now have got into criminal organizations because that's what a lot of them do, the regressions, especially, etc..
What we found is, is that there was a couple of cases in New York, and there's one out in California where bad actors will target you. They'll distract you to take your cell phone, they'll clone your cell phone, and then, you know, they'll drop your cell phone into a Faraday bag, take it over, clone it, take it, and then then drop it back out of the ferreted bag and dump it in a trashcan somewhere. The reason why is because you as the user, you're going to call the boss and go, Hey, I lost my phone and they're going to go, Great. You're going to go on the MDMA, go brick and the MDMA, and it's going to turn go waiting to connect, Waiting to connect, Waiting to connect, waiting to connect.
And of course, the device has been now replicated. And when they reintroduced the device on the network, they dumped it out of the Faraday bag, MDMA connects and then reports back to you. All this secure, we've bricked. Them.
But yet now they have a full replication of your device and all your data. We prevent that because the data never existed on the edge device. That never existed on the edge device. Pretty clever. Pretty clever. All right, let's talk a little bit about the downsides. Sure. Right.
Because there are some downsides. That I always joke. I say if Achilles had to heal, so do we, you know, you know, even though he was he was famous for one. But really, he had to. Right. And so do we, you know, with any virtual platform connectivity. Right. So.
Yeah, I was going to say connectivity. So let's talk about the field of battle, right? Deal environments, right. Disruptive, intermittent, low bandwidth, low light, low bandwidth. This is a problem, right? Because I can't get access to my data, right, Because it's not on the device.
Sure. It's so for for a DOD, like a tactical environment, the deal has gotten better and better and we work with them. And my other company does this as well.
And but there's there's forward deployed communications capabilities where you can deploy a node forward that doesn't need long haul reach back capability. You could deploy a hyper three node in that forward node. And then in like a Deville environment, we just did an exercise with it with a unique organization in the military where we were using ly fi to actually transmit networks via flight. So using, you know, like I wireless rather than radio, because it was the scenario was what happens when you're in a spectrum tonight, but. You can't. Radiate. Exactly.
You can't radiate your spectrum denied environment or spectrum targeted potentially. Right. So this, you know hyper worry can work ironically on very low bandwidth. But it does one of our heels it does require conductivity. Two is the type of conductivity it's not as sensitive to bandwidth like this was originally designed to run on a couple of bars of 3G. So it doesn't require a lot of bandwidth because it's only streaming delta pixels.
So if you think. About yeah, see, that's that's pretty clever. I'm not sending a bunch of data, right. Because it's more bandwidth efficient than a regular phone user is. And yet. We. Yeah, because most most most of the time when you think VDI I'm oh I'm saying how often my refreshing screen up because that's what people are thinking so you guys are only sending deltas how often do things actually change. So it's very very low bandwidth utilization, but in a network environment that introduces a lot of packet drop.
So a dirty network that's just horrible for brand virtualization, right? It's really hard for them to to be able to rectify when it's losing large packet, you know, large sets of packet data. So so those are two really kind of weakness places that bandwidth and latency ironically bandwidth it works for in a really relatively low bandwidth as a side effect of using only delta pixels and and latency that has to do with what your expectations are. So you've got to set some user expectations. And one of the ways I like to demonstrate that is I take teams calls and zoom calls on an airplane using Hyper-V and it works great and everybody. Knows that. Everybody on a plane freaks out about it, cause I'm actually on a live call, but I don't use voice because of the latency delay.
So what I do is I listen to what they're briefing and I type my responses, and then that way it breaks up that that duplex of of latency. Okay. So, so that kind of makes a lot of sense, right? Understanding the limitations and of of the technology, which is the Wi-Fi terminology, that's that's pretty clever and and I get it. So you brought out the Achilles Achilles heel. Let's talk about onboarding people now.
And because this one's interesting to me, if I have like a work phone number, which I do and I have automatically forward to my cell phone, but could I set this up so I have a work phone number that calls my my virtual phone and it ring on this phone. So it's so interesting that so we are not only have we been through all these D.O.D. red teams, we received our aisle five certification, so we're now five certified cloud SAS. We've gotten the DOD CIO memorandum saying that we're now an enterprise DOD capable BYOD platform.
We're the only one out there. Ironically, the NSA has a program called Commercial Solutions for Classified. So CSC and it's a series of standards in which you can use commercial technologies to get access to classified network. We are the largest deployed mobile platform in that environment as well. And so because everything is encrypted in transit, in and on receipt and it's very lightweight, you can technically do as long as you're in the appropriate environment, even classified voice across our platform, but in a way that you accomplish it as the same way you would accomplish exactly the scenario you just laid out, which is I would take a my desk phone number through an IP set, you know, so like a call manager of some kind and route that to a softphone that exists in the virtual thumb.
And then that way I can literally make phone calls from my office desk, from my virtual device. Anywhere. Can I take my environment I have already on here and move it into your virtualized environment? Or is it like starting from scratch? Right. I'm like, Well, I have which version of Android do I have? And I have to download all of my apps that I normally have. How can I take what I have and move it over? Or do I or do I do it like I have a brand new phone? We have brand. It'd be a brand new phone to some extent.
So remember, most services you use on your phone are CSP cloud service providers of some kind. Of course using. Office 365, regardless of which device you log into office 365, you get your office three, you. Get all your data, right? Yeah. So from that standpoint, you would still have all the same data available to you through your CSPs, etc..
The but the way the device, the phone itself is managed like so there is we don't have a play store in our device by design because play store bleeds off data, right. We don't use that. We have our own app store and mechanism in which we sideload applications and manage those applications specifically to prevent data bleed out of our environment because, you know, we kind of talk about as we talk about the advantages of security and how great security is a side effect of us not being an MBA and not not even, you know, we're our own product category, which by the way, that's kind of a double folded sort to that has to it. Well, yeah, yeah, yeah. You're on your own product category.
You're the leader. Of of one. Yeah. I mean or have a very, very small number. Right. But the, the that the advantage of that though is not just security but it's also privacy. So that means I don't need or want ability to see into your personal device. Right. So my platform
because it doesn't trust your device it means it wants no permissions. So it doesn't want to know what you're doing on your personal time, on your personal device, you know, and if it has malware on it because you went to a bad website or your team or you're not. Yeah. Or your teenage kid went to a to a bad website and it got malware.
And that malware probes the security containers on your device because it's looking for data. If you have an MTM, your MTM is going to alert, hey, malware associated with bad website, right? Probe the security container. And in some places like the government that can lead to an investigation that really shouldn't have happened in the first place. Right. So we protect the users privacy because we don't we don't want to know what's on the device.
That's your that's your that's your challenge. That's your environment. What we enable the enterprise to do is very granularly manage what applications you have access to and what data actually flows in and out of that operating system environment. So that the side effect of that privacy pieces that here in the U.S., it's amazing that that, you know, MDM has struggled
with adoption that large scale simply because of the privacy issue. Right. Go to go to Europe.
And they have what's called GDPR. You know, GDPR essentially prevents it. GDPR says you're not allowed to move a personal a person's personal information across a country's border without their explicit permission. Right. Well, the beauty is we don't move data anywhere. We just allow it to view.
So that means I don't have the GDPR restrictions sort of enabling you to move across Europe across. And I can. Access data because I'm not moving the data. No, this is this is really fascinating.
So the next question that comes to mind is if I want to deploy this in my, let's say, my home, I would never do that, but I might because I have teenage kids, right? Yeah. So I, I could create my own play store, my own app store, right. You would select through the management course. So now, of course, we're not B2C yet. We hope to get there.
But let's talk B to B, let's say I'm going to deploy this admin. If you're the administrator, you're going to go through an approved app template and you're going to select which apps your users get a chapter, approve, which apps your users get, you would you would through either we get them from open source libraries, we get them directly from the app vendors, we sideload them. You create an app template and you deploy that app template and you say, Hey, look, I'm going to have power users get this mobile users get this, you know, executives get this. And these are the apps that they get in the associated data. Right? Okay.
Now let's go to the back end of of this thing. I think we got the front end on the back end. Are you guys running this in a is it a service you're offering? Is it can I run it on prem? Can I run it in the cloud? What are the restrictions around that? And I'm guessing since you're doing military, it's going to be running on prem for, for some of it and some of it in the cloud because it depends on which department you're talking to.
Yeah. So, so interesting. You know, when you talk about the COVID being one of the evolutionary things that happened to us, right, that helped us evolve in the context of that was also in the evolution of the technology. So we started out purely as an on prem technology, right. And and the idea was you deploy server racks worth of stuff and you get mobile access, right? And that was what we, everybody was comfortable with three or four or five years ago. And when you look at the idea of people that were going to cloud, a lot of people weren't comfortable with cloud or, you know, is cloud really efficient? Is it really cost effective, etc.. We we went through a pilot with the Department of Finance where we realized the cost to run a mobile device on a data center on a server rack just wasn't cost efficient compared to cloud, because like, look at that.
When I talk about a couple of things that really had to happen to make Hyper-V successful, like I bought it out as and it didn't succeed when I bought the technology. So why is it succeeding now? What changed? Well, a couple of things. One, the network has massively changed.
We now have 5G, we have high speed 4G networks, low latency, high bandwidth environments accessible everywhere to cloud. So if you look at the place in which cloud is really valuable, cloud is valuable on incremental compute, what I need to compute a little bit and then not anymore. And then again and then not anymore.
That's where Cloud really makes its money from an efficiency standpoint. Well, yeah, yeah, absolutely. So, so, so so mobile devices are what you are what you're saying. I think I hear what you're saying.
It correct me if I'm wrong when I'm not on my mobile, my virtual mobile device, that instance is shut down. So what what happens is, is that the data set resides. It remains you know, it's like the data that you have that's associated to you. But we decommission the compute in the RAM. And then when you come to log back in again, we fire it back up again. So then that way you're not paying for a 24 hour, seven day a week phone, you're paying for your memory.
The little steps that you're taking now. And I mean, our long term goal is we want to make this consumable as a, you know, like B to C level. And, you know, my objective in the business is to get this costs down to the point where it's 999 a month and you can have an a completely secure second cell phone or a third cell phone or a fourth cell phone all from your own device. Now, now that this is very, very cool, Jerod And we could talk for hours. I could see it already. But if people want to find out more, where do they go? Well, our Web site is a great location.
So you can go to www.hypori.com and take a look there you can you can contact us you can request a demo and you can even if you're a you know an organizational consumer and you're looking at trying to deploy this in your organization, we'll set up something for you you need to play with it sounds great. Also, I'll have these links on our on our podcast site, EmbracingDigital.org. Jared Well, thank you. This has been this has been great. And like I said, we're going to have to have you come back on.
I mean, so I do want to say, you know, Parting shot is while we're doing all this great stuff in the government, like the Army's gone to 50,000 licenses, the Air Force is talking to us, the DOJ is talking with the government is amazing. Where this is really going to change is outside the government. Think, oh, absolutely.
HIPPA protections think SEC. They'll trade control protections, think banking, health care, defense, industrial base. That has to be CMC compliant rather than you having to deploy infrastructure in second cell phones to be CMC compliant. You just buy from a SaaS from us and we save you, you know, a fraction of the money with more secure. Oh yeah, yeah, yeah.
Absolutely not. I see a lot of potentials. Health care, even education. Absolutely. Absolutely. With which manufacturing, telecom.
I mean, imagine if you're if you're one of the major telecom providers and you can offer your customers and say, hey, look, if you're already a customer for an extra 699 a month, we'll give you a second cell phone. Oh, this this is going to cause so many problems for a Department of Justice. Oh, by the way, burner phone, virtual burner phone is. There you go. Yeah, exactly.
I mean, hey, and also, you can have five phones on your phone, right? All right, Jerrod. Hey, thanks again for coming on. I appreciate you guys having us. Thank you for listening to Embracing Digital Transformation today. If you enjoyed our podcast, give it five stars on your favorite podcasting site or YouTube channel, you can find out more information about embracing digital transformation and embracingdigital.org Until next time, go out and do something wonderful.