Reimagining Executive Travel: A Secure Approach to Mobile Technology
By Matt Stern, CSO at Hypori
In 2026, global corporate travel budgets are projected to increase by 5%, with travel managers overseeing an estimated $5 billion in hotel and air travel spending. As executives continue to cross time zones and borders, their dependence on mobile devices, including smartphones, tablets, and laptops, to access corporate systems, communicate sensitive information, and make strategic decisions, has never been higher. However, these devices also present some of the largest vulnerabilities in an organization’s digital security infrastructure.
The Evolving Mobile Threat Landscape
Mobile threats are escalating rapidly, fueled by sophisticated phishing attacks like smishing, malicious apps, and increasingly advanced malware. These threats are compounded for multinational organizations by complex and often conflicting regulatory requirements surrounding data protection and sovereignty. The challenge of balancing usability, privacy, and compliance means that traditional mobility models, like Bring Your Own Device (BYOD) or Corporate-Owned Personally Enabled (COPE), are ill-equipped to safeguard against these growing threats.
The Reality of Executive Travel Risk
Veteran executives understand the unspoken rule of international travel: don’t bring your real phone. In regions deemed high-risk, especially countries like China, burner devices are often used. This practice, once informal, is now critical as state security authorities have expanded their powers to search electronic devices. For example, China grants state security officials the legal authority to search phones and laptops for content deemed sensitive to national security. This kind of enforcement is now openly practiced and is not limited to traditionally “high-risk” countries. The United Kingdom has also expanded its authority under national security laws, allowing for the search of electronic devices at borders with limited due process.
The consequence is clear: any device carrying corporate or personal data is at risk of inspection, duplication, or compromise when crossing borders.
Airports, Networks, and Hostile Digital Terrain
Beyond border crossings, airports, hotels, conference centers, and foreign telecom networks present significant security risks. These networks often operate under weak cybersecurity standards or permissive surveillance laws, offering ample opportunities for criminals or nation-state actors to intercept or compromise communications with minimal risk of reprisal.
When executives connect to foreign Wi-Fi networks, enable Bluetooth, or respond to a text message, they become exposed. Smishing attacks, rogue base stations, malicious apps, and Bluetooth exploits increasingly target high-value travelers. These executives are often transient, distracted, and operating outside their usual security perimeter.
The traditional advice of “be careful what you click” is no longer sufficient in an environment where attackers can manipulate the network itself. Bluetooth and Near Field Communication (NFC), in particular, have become major threats, enabling attackers to hijack devices within proximity and compromise them through unsophisticated exploits.
Why Traditional Mobile Management Falls Short
Mobile Device Management (MDM) and Mobile Application Management (MAM) have been industry standards for managing enterprise mobility. However, these solutions fall short for executive travel. Executives traveling to countries like China face significant privacy risks as MDM systems, even when configured to block data transfer to a device, still store local data, leaving sensitive information vulnerable to theft.
Additionally, even well-configured MDM environments are not immune to advanced zero-day exploits, which could potentially allow for the installation of keystroke loggers and other malicious software directly on a device. This flaw leads to a major security gap: the necessity of physically abandoning burner phones after each trip, creating a logistical nightmare for inventory control and device management.
The Shift Toward Virtual Mobility
To address these growing risks, the concept of virtual mobility is emerging as a viable alternative to traditional mobile security. This model completely removes corporate data from physical devices, storing it instead in a secure, centralized environment. The mobile device serves only as a secure access point, interacting with encrypted data streams without storing any sensitive information locally.
This approach redefines the security landscape by:
- Eliminating Data at Rest on Devices: Without sensitive data stored locally, the risk of data loss due to device theft or compromise is dramatically reduced.
- Simplifying Compliance and Enforcement: Centralized data storage enables security teams to enforce data residency and regulatory policies easily, ensuring compliance without the complexity of managing multiple devices across different regions.
From an operational standpoint, this model aligns perfectly with zero-trust principles, providing centralized control and visibility without needing endpoint management.
The Business and Executive Benefits of Virtual Mobility
Virtual mobility offers several significant advantages for both organizations and executives:
- Cost Savings: Virtual mobility architectures reduce the need for region-specific device strategies, extend hardware lifecycles, and lower total cost of ownership by minimizing the number of physical devices required for executives.
- Enhanced Executive Experience: Executives benefit from maintaining full use of their personal devices without the intrusion of rigid security controls. They gain consistent, high-performance access to corporate environments from any location. This flexibility is essential in a world where productivity, privacy, and security are non-negotiable.
This model also bridges the gap between corporate security and personal device usage, empowering executives to remain productive while protecting their privacy. One virtual workspace can be dedicated to corporate resources, while another manages personal resources, ensuring that both spheres remain secure and separated.
Aligning Executive Mobility with Zero Trust
As mobile threats become more sophisticated and regulatory pressures increase, traditional device-centric security models no longer suffice. Virtual mobility represents a transformative shift by eliminating risks at the source; keeping sensitive data off devices entirely. This model not only supports the security needs of globally distributed executives but also enables flexibility, scalability, and compliance in ways traditional models cannot.
For organizations supporting executive travel across international borders, this architectural rethinking may prove essential for maintaining both security and agility in the years ahead.
Matt Stern, CSO of Hypori
Matt is an experienced cybersecurity executive leader in both the private and public sectors. Matt led professional services for a premier cyber threat intelligence company and the United States Computer Emergency Readiness Team (US-CERT) contract team. He was also the Program Director for system engineering, design, and deployment of the National Cyber Protection System (EINSTEIN) and the Deputy CIO for the largest ever deployed military communication system supporting 150,000 Operation Iraqi Freedom II soldiers.