DataCloak® Zero Trust Adaptive Secure Computing Platform

Zero Trust Terminal

The key factors of a successful zero-trust secure system are powerful authentication and comprehensive access control system. Based on lightweight trusted computing technology, DACS constructs an isolated and encrypted secure workspace inside the operating system of an endpoint. It protects corporate core data assets within the secure workspace and wouldn’t disturb internet access outside at the same time.


  • Endpoint device inventory and employee management with multi-factor trusted authentication technology.

  • Secure workspace constructed by DACS enables corporate data retention and application execution.

  • Effective solution to the problem of data leakage by means like USB flash drive, screenshot, internet etc.

Zero Trust Network

Practice of zero trust framework needs powerful network management. DACS helps an enterprise define subnetworking, grouping with fine grained software approaches. It also enables the internal and external network traffic between endpoints to be encrypted. It’s not only a good replacement of legacy VPN services, but also an excellent guard against traffic sniffing and mirroring along the data transport path.


  • Forming of workgroups (secure workspaces) with software-defined approach suitable for different business scenarios.

  • Configurable security level unique to different workspace and one-way data flow permission from low security lever workspaces to higher ones.

  • Convenient network environment for R&D, collaboration across organizations and BYOD workstyle.

Zero Trust Data

DACS can monitor, alarm and block transactions spanning the whole life-cycle of corporate data operations, e.g. data transport, file manipulation, file exporting, program execution, etc.


  • Data access control system based upon fine-grained authentication.

  • Effective prevention of data re-distribution by data flow controlling, bad tracking and forensics.

  • DACS enables data distribution and shared computing in secure way.

Zero Trust Strategy

DACS offers a unique adaptive security policy engine, which leverages machine learning technique to adjust security policy suitable to each individual enterprise. The policy is enforced based upon least privilege principle and enables the corporate network to actively and intelligently immune from external threats.


  • Employee behavior profiling and dynamic privilege granting/revocation.

  • Dynamic evaluation and analysis of security modeling and policy recommendation.

  • Proactive defense against intrusions and compromised access.

DACS supports Multi-Device
  • Windows
  • Mac OS / iOS
  • Android

As the industry-leading zero-trust security solution, DACS consists of three core technologies: lightweight trusted computing environment, software defined perimeter and AI security brain. The central goal is of data protection in that relative defense mechanism is built upon information flow security so as to provide fine-grained, elastic, and end-to-end protection.

Lightweight Trusted Computing Environment

DACS builds up a software-defined lightweight trusted computing environment on the terminal in terms of the “zero-trust” approaches towards terminal. The lightweight trusted computing environment is deeply isolated from the terminal OS, thus guaranteeing data storage and computation security. At the same time, data is flexibly and effectively processed in a secure computing environment without sacrificing the performance of execution.

DACS constructs a secure computing environment on the OS of various types of endpoint devices, e.g. mobile devices, office devices, servers, IoT devices etc.

Two features of secure computing environment:
  • Enterprise data can be flexibly stored and computed within the environment, but data in the environment cannot be distributed either terminal’s OS is on or off. Enterprise data can be accessed in the environment through various software, but it cannot be deviated from the secure computing environment.

  • All of operations in the secure computing environment are being monitored, including but not limited to file manipulations, network operations, software execution, and peripheral hardware usage.

Software Defined Perimeter

Data flow and wild distribution is a very common scenario in enterprise data computing. Controlling the data communication through network is another key technology of DACS. Based on the “zero-trust” approaches towards the entire network environment, DACS sets up a secure data communication pipeline between the secure computing environments to keep data flowing safe.

Combined with the terminal security computing environment and software defined perimeter, DACS build dynamic data secure workspaces that ensures data-centric life-cycle computing security. According to the needs of the business, secure workspaces can be dynamically created, expanded or contracted. The life-cycle of secure workspaces is achieved with the entire life-cycle of the business; enabling to terminate secure workspace when business is done. In addition, the secure workspaces across the global Internet, covering mobile devices, desktop devices, servers, IoT and other terminals, fully meet the security needs of various flexible data computing scenarios.

These software-defined communication pipelines have the following features:
  • With bi-directional authentication and end-to-end encryption, DACS ensure data communication security.

  • With the capability of WAN connection via virtual network tunnel, DACS can be used freely in anywhere around the world.

  • With software-defined and flexible connection and fine-grained management of perimeter control, DACS can elastically encapsulate the boundaries of the resources being used by business while accurately covering the business lifecycle.

AI Security Brain

Based on the above flexible fine-grained control, DACS is able to obtain valuable critical data for supporting situation awareness, such as the information about data flow emerged in secure workspaces as well as its working details in environment. These high-quality data are extremely valuable for the construction of adaptive security strategies and the formation of adaptive security closed loops.

Relying on the unique AI Security Brain, DACS analyzes and processes the security events gained from relative information collection, moreover evolves to a self-learning, and finally leads to the generation of an adaptive active immune system. DACS intelligently adapts to business scenarios, adjusts the security strategy in accord with the growing and changing of business, proactively discovers the problem, solves the problem, and then completes the security process, and forms a closed loop of the entire security management.

Another unique feature of DACS is that the secure computing environments is perfectly isolated from local terminal OS. It wouldn’t collect information from the local environment, but only monitors and controls the data inside the secure computing environment. DACS can effectively protect enterprise data without collecting personal information, thus perfectly supporting BYOD related.