Tech Leaders and Startups

rss

Interviews with Leading Entrepreneurs at Tech Startups

Startup MobileCrypt Secures Employee Phones With Military Grade Encryption

As any enterprise IP professional knows, these days employees frequently use their mobile devices for all kinds of applications related to work. Put simply, BYOD is an unstoppable force. This though raises a key challenge for IT. In an age of rampant cybersecurity breaches, how can employees’ mobile devices be protected.

As any enterprise IP professional knows, these days employees frequently use their mobile devices for all kinds of applications related to work. Put simply, BYOD is an unstoppable force. This though raises a key challenge for IT. In an age of rampant cybersecurity breaches, how can employees’ mobile devices be protected.

One company taking an innovative approach to mobile security is MobileCrypt. Joining today to talk more about MobileCrypt is their President Erik Hutslar.

IT Specialist Thank you for sharing some insights, Erik. To start with, can you provide some brief background on MobileCrypt, such as what year you were started and the background of the founders?

Erik MobileCrypt was founded to bring back trust in the device you use daily, your mobile phone.  We started the company about a year ago with this goal in mind.

Erik Hutslar, President of MobileCrypt, started in his career as an engineer designing microwave communication systems for Harris Corporation then moved into AT&T as a product manager for VPN services for AT&T, it grounded his security experience and allowed him to lead the development and launch of other security services and security hardware for others such as SafeNet and SonicWALL. Additionally, Erik was one of the pioneers of the security group at Apple leading the development of security in Mac OS X and iOS.  While at Trend Micro he helped develop the industry’s first cloud based Anti-Virus solution, then led the consumer and mobile security product management teams. This directed him to focus on mobile security at IronKey and then Good Technology where he led the product management teams.   He has earned his Bachelors degree in Electrical Engineering and an MBA from Golden Gate University in San Francisco.

IT Specialist At a high level, can you provide MobileCrypt’s overall perspective on the state of the mobile security market - are there any other macro-trends you might want to highlight?

Erik We see the mobile device becoming the all-in-one platform.  The mobile device is the one piece of technology you never leave home without.  The future only has more reliance on our mobile devices to hold more than just our current personal and corporate data, but payment information, physical access keys, and who knows what else the app developers will conjure up next. 

The point is that this all-important mobile device is not protected behind the corporate firewall but has to stay safe in any number of hostile environments.  We see the trend areas being an ever-increasing reliance on a mobile device and various ways to ensure its safety while maintaining mobility. 

IT Specialist What would you describe as MobileCrypt’s core value-proposition for enterprise IT? 

Erik MobileCrypt’s core value to enterprise IT is that we bring extreme security to a device that is inherently not secure.  We leverage a FIPS 140-2 Level 3 Certified Hardware Security Module (HSM) in a microSD form factor to generate and secure the crypto keys.  With an HSM you are assured that no one can compromise your keys and thus access your information.  Cryptographic operations never leave our SDEncrypter microSD with it’s built in HSM, CPU and storage your data stays safe and the phones performance is not slowed.

IT Specialist Turning now to your products, I gather that you have three main ones, MobileCrypt, MobileCrypt for Good, and Sycret Voice? Could you highlight the key features of each of these?

Erik We’ve created several applications that leverage the functionality of the SDEncrypter microSD.

MobileCrypt – Secures files and folders located on your PC, Mac or mobile device.  Once the files are encrypted they can be stored on your mobile device, in the cloud or on any file server.

MobileCrypt for Good – Compatible and manageable by Good Technology’s Secure Mobility Platform.  The application contains the same functionality as MobileCrypt and adds:

1.  Trusted Authentication - Hardware based key generation and storage to encrypt the Good container.

2.  Authentication Delegation - Uses a simple PIN for authentication, 4-16 digits long.

3.  Transfer Files – Files within the Good secure container are encrypted and can be stored elsewhere.

4.  Sycret Voice – Peer-to-peer encryption of your voice, chats or IMs for secure communication.

SDK – We offer an SDK so others can leverage the functionality of the SDEncrypter for their own applications, or for development in new areas that we support such as derived credentials.

IT Specialist Do users both download an app and also obtain Hardware Security Module (HSM) in a microSD form factor from MobileCrypt? Walk me through how to actually set up your product on my Android phone, starting from scratch.

Erik Yes, that’s the basic idea.  A user would be given a credit card size holder that contains the microSD card and their default PIN information.  The user would then place the microSD card in the memory expansion slot of their device.  Next, the user would download the application from the Google Play Store or install it from the microSD card.  Once the application starts the user will enter the default PIN,then the user is prompted to enter a new PIN.  Once the new PIN is entered the card initializes and generates the keys inside the HSM for cryptographic operations.

Now the user is ready to the application to secure their files or communications.

IT SpecialistOn the technology side, you ended up getting FIPS-140-2 Level 3 certified. This is military grade standard, correct? How difficult was this to achieve?

Erik Without quoting too many government regulations FIPS 140-2 is a standard put out by the National Institute for Standards and Testing (NIST) that specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive information in computer and telecommunication system.  There are various levels of certification:

Level 1 - Provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g., at least one Approved algorithm). No specific physical security mechanisms are required in a Security Level 1

Level 2 - Improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering.

Level 3 - In addition to the Level 1 and 2 features, Security Level 3 prevents the intruder from gaining access to CSPs (keys) held within the cryptographic module.

Our FIPS 140-2 Level 3 certification is ideal for protecting sensitive data that may be used in a military or intelligence scenario.  With a Level 3 certification you can rest assured that if a bad guy gets a hold of your device that they won’t be able to get the cryptographic keys or your data. 

To achieve FIPS 140-2 Level 3 certification it takes a lot of time and testing.  Having gone through this process many times I can tell you that the difficulty level is high, but it is the ultimate test of how secure your device is in the real world.

IT Specialist What role does the enterprise IT professional play in implementing your solution in her company? Is this targeted only at companies or governments, or could any consumer theoretically use a MobileCrypt solution as well?

Erik Theoretically consumers could use these products. It would make eavesdropper’s jobs very difficult, but realistically most consumers don’t place much value on their data.

Our target customers are those who have data that they feel is valuable and worth protecting.  The enterprise IT professional understands the value of their data as well as the risk associated with any data leaks.  There is a real cost to a company or government if important information becomes compromised.  We help reduce the risk of any information leaks with a very secure solution.

IT Specialist Turning now to the corporate level, have you gone to market with your product, and if so, what has the reaction been?

Erik We are just now introducing our solutions to the market.  Our solutions secure your valuable information using a device you already own and are familiar with.  Additionally, your mobile device is manageable with your current tools, connects to your network and is always with you.  Being that the MobileCrypt solution takes advantage of the connectivity and manageabilityof a mobile device and makes it a trusted end-point the response has been tremendous.

IT Specialist Finally, for people who may be interested in testing your solution or beginning a dialogue with you, what is the best way for them to start working with you?

Erik You can find out more about our MobileCrypt solutions or get our contact information on our web site at mobilecrypt.com.

Also you can email me at erik@mobilecrypt.com or call 703.243.6156703.243.6156. Further, our website is: www.mobilecrypt.com . Since we’ve learned so much from this community, in an effort to “give back” a bit, all members of the IT Specialist Enterprise Network can receive MobileCrypt seats at 15% off MSRP.

We’re happy to talk about what your current needs are and if the MobileCrypt solution will help you with your security goals.

IT Specialist Thanks much for your time Erik, and best of luck going forward.

Showing 0 Comment
Your comment will be shown after administrator's approval







b i u quote

Save Comment

Search Interviews