Connecting a member of your supply chain to your network raises all sorts of security alarms: how much can we trust this new partner? What are their security practices? What new risks are we introducing to our network? By connecting them, do I risk enabling a career-ending breach? But if I don’t connect them, then we can’t do business together and my company will lose money. Cloak Labs allows you to loosely couple applications from multiple clouds via our patented cloud-based service. The beauty is that this can be done with no exchange of credentials between parties and without requiring any open inbound firewall ports.
In the figure above, Enterprise A and Enterprise B are part of each other’s supply chains and wish to integrate certain business processes. Each enterprise uses its own application suite and (optionally) its own enterprise service bus (ESB). Messages from either enterprise can be routed through the local ESB, optionally transformed, and then passed on to the Cloak Labs Security Gateway. This is a Java-based security application that runs at both premises. Messages can be passed in XML or any of a number of other protocols. The Cloak Labs Security Gateway encrypts the message body using AES and then encrypts the metadata and the AES-256 key using RSA. The message is then redundantly transmitted to the Cloak Labs cloud infrastructure. The far-side Security Gateway maintains a persistent connection to the cloud infrastructure. When it detects that a new message is available for it, it downloads the message locally, decrypts the metadata and then the contents, and passes the unencrypted message on to the local ESB or directly to the target application.
There is no requirement for the applications at both enterprises to be the same, nor for the ESBs to be the same. Each enterprise can run its own software stack, operating systems, routers, etc. Cloak Labs insulates each side from taking on the security risks of the other. No credentials need to be exchanged and no VLANs need to be configured. This avoids either side expanding its attack surface. Messages that flow through the Cloak Labs cloud infrastructure are encrypted with keys that are only held by the Security Gateways. This means that Cloak Labs cannot decipher messages, nor can hackers or state actors.
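
The envelope scheme described above (AES for the body, RSA for the metadata and the AES-256 key, with keys held only by the gateways) can be sketched as follows. This is an added example, not Cloak Labs code. The cipher modes (AES-256-GCM, RSA-OAEP with SHA-256), the envelope layout, the function names and the sample message are all assumptions, since the page does not specify them.

```javascript
// Added illustration of hybrid (envelope) encryption; not the vendor's implementation.
const crypto = require("crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
// RSA-2048 with OAEP/SHA-256 carries at most 190 bytes; 32 of them are the AES key.
const MAX_META = 256 - 2 * 32 - 2 - 32;

// Sending gateway: AES-256-GCM for the body, RSA-OAEP for AES key + metadata.
function sealEnvelope(recipientPublicKey, metadata, body) {
  const meta = Buffer.from(JSON.stringify(metadata), "utf8");
  if (meta.length > MAX_META) throw new RangeError("metadata too large for one RSA block");
  const aesKey = crypto.randomBytes(32); // fresh key per message
  const iv = crypto.randomBytes(12);
  const header = crypto.publicEncrypt(
    { key: recipientPublicKey, ...OAEP }, Buffer.concat([aesKey, meta]));
  const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  cipher.setAAD(header); // bind the wrapped header to this body
  const ciphertext = Buffer.concat([cipher.update(body, "utf8"), cipher.final()]);
  return { header, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Receiving gateway: unwrap the header with the private key, then decrypt the body.
function openEnvelope(recipientPrivateKey, env) {
  const plain = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.header);
  const aesKey = plain.subarray(0, 32);
  const metadata = JSON.parse(plain.subarray(32).toString("utf8"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, env.iv);
  decipher.setAAD(env.header);
  decipher.setAuthTag(env.tag);
  const body = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
  return { metadata, body: body.toString("utf8") };
}

// A relay that alters the stored ciphertext is caught by the GCM tag check.
function tamperDetected(recipientPrivateKey, env) {
  const bad = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  bad.ciphertext[0] ^= 1;
  try { openEnvelope(recipientPrivateKey, bad); return false; } catch { return true; }
}

// Constructed sample: Enterprise B's gateway key pair and a message from Enterprise A.
const gatewayB = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sampleMeta = { from: "enterprise-a", to: "enterprise-b", type: "purchase-order" };
const sampleBody = "<order id=\"constructed-1\"><qty>10</qty></order>";
const envelope = sealEnvelope(gatewayB.publicKey, sampleMeta, sampleBody);
console.log(openEnvelope(gatewayB.privateKey, envelope), tamperDetected(gatewayB.privateKey, envelope));
```

The relay in the middle only ever stores the `envelope` object; without Enterprise B's private key it can neither read the metadata nor recover the AES key for the body.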