Cloak Labs Solutions Overview

The Cloak Labs Global Virtual Bus™ securely and reliably extends your Enterprise Service Bus (ESB) from the Data Center to your global value chain.

We provide end-to-end encryption of your application data from your ESB to your partners. Our Global Virtual Bus is a cloud-based, completely encrypted queueing system, that securely stores and forwards messages to your partners.

This allows you to connect applications across enterprises without expanding your attack surface. You don’t need to open any inbound ports (on either side) or even have any public-facing IP addresses. You don’t have to issue credentials to your partners. You don’t need to install a leased line or setup a VPN.

The Cloak Labs Global Virtual Bus™

The Cloak Labs Global Virtual Bus™

Our triple-layered security process:
  1. Encrypts the message payload using AES256
  2. Creates an envelope containing the AES key plus the message metadata and encrypts that using RSA1024 using the public key of the destination Security Gateway.
  3. Signs the message with the private key of the sending Security Gateway for later authentication by the receiving Security Gateway.
  4. Transmits the envelope and payload to the Cloak Labs cloud over an SSL connection.

Security Gateways are small applications that run on-premise. All private keys are under your control and not available anywhere in the cloud.

Sending Security Gateways transmit your messages to redundant destinations in the cloud. Receiving Security Gateways then download from redundant sources as well. Once the first copy of a message has been delivered and verified the redundant downloads are cancelled. Furthermore, messages are queued at the sending Security Gateway and in the cloud. Transmission is automatically resumed when network connectivity is restored. This architecture allows Cloak Labs to guarantee message delivery in loosely coupled, less than 100% available networks. Importantly: outbound messaging is non-blocking.
Small Messages to Large Files
Cloak Labs’ architecture extends from small messages (a few KB) to gigabyte files or even larger.
No VPN or FTP server to manage
Cloak Labs’ application messaging service does not require the set-up and management of a VPN/VAN or FTP Server, reducing the person-power required to set-up and maintain these point-to-point connections.
Reduced cost of ownership
Cloak Labs reduces VPN setup and operation costs as well as costs associated with network partitioning (ex: VLANs) by avoiding any increase in your network’s attack surface.
Quickly extend your current network
Even if you already have a messaging network in place, bringing up new trading partners can be a time consuming and costly process from an implementation and licensing standpoint. With Cloak Labs, IT Managers can extend their current application network via a simple software download to physician groups, clinics, branch offices, international locations, or remote trading partners without having to reinvest in costly application integration technologies.
Guaranteed delivery of your messages
By removing all single points of failure and routing dual copies of transactions over separate paths, we avoid outages and latency issues due to congestion or downed carrier lines. Every message is delivered in seconds and follows an independent route to its recipient application worldwide, with positive acknowledgment of delivery to both parties.
Unlike traditional VPNs, VANs or Leased Lines that only allow for point-to-point communication, we provide simple access controls to allow for one-to-many messages with the same latency and guaranteed delivery.
Multiple protocol support
Our messaging platform is pre-configured to integrate with a variety of applications through Cloak Labs Security Gateways and can handle many standard protocols. Regardless of your trading partner’s messaging protocol, Cloak Labs’ Security Gateways encrypt and convert each file “on-the-fly” to the trading partner’s protocol with no intervention on your part.

Security Gateway

Cloak Labs’ software Security Gateways encrypt messages from one enterprise and deliver them through the Cloak Labs cloud to a destination Security Gateway at a different enterprise. The Security Gateways only initiate outbound messages over https meaning that no inbound firewall ports have to be opened by either enterprise nor is any additional partitioning of the enterprises’ networks required. This dramatically simplifies the interconnection of different enterprise networks without expanding the attack surface for any participant.

Security Gateways allow you to quickly connect your applications to our secure cloud-based messaging services. Security Gateways are small software clients that allow applications to interface to your network and to each other.

Interfacing the Cloak Labs Security Gateway directly to your existing application is as simple as specifying an IP address, port, and protocol. There is no need to modify your existing application to interface to our Security Gateway.

Our solution offers much better security and availability than a VPN and with greatly reduced management. Think of Cloak Labs as an “Armored Courier Service,” whereby we take the data securely from point A to point B over a variety of existing highways. We duplicate the ‘trucks’ (via Cloak Labs Security Gateways) and send application messages by different routes to ensure delivery and security. Our platform manages all this, you just provide the data.

Cloak Labs Security Gateways support all popular message, transport protocols and encryption levels. Each installation takes only a few minutes and does not require a user with technical experience to configure.

With many popular protocols supported, and more on the way, Cloak Labs offers an ease of installation and low cost of setup that is unique in our industry.

See the system requirements for installing and running a Cloak Labs Security Gateway on-premises.

Cloak Labs Encrypted Cloud Queue

Cloak Labs Encrypted Cloud Queue

Learn More About How it Works! Download the White Paper!

Supported Protocols Include

  • XML
  • ISO 8582 (POS) 1
  • ISO 15022 (Securities)
  • CrestCo
  • FIX 4.0, 5.0
  • EDI
  • Data Stream (unformatted)
  • HL7 2 & 3
  • X.12
  • Odette FTP
  • MATIP 1
  • SITA