Cloud

For many companies, the regulatory environment can seem like an impenetrable jungle that makes the path to the cloud more difficult. This is exactly where we come in!

We help our customers to utilize the advantages of the cloud, even in strictly regulated industries. We know the challenges and have already successfully developed a range of solutions.

We support customers in implementing projects both in public clouds (Google, Microsoft, Amazon, etc.) and in on-premises clusters (private clouds). We have experience with all common technical platforms (Kubernetes, OpenShift, Docker) and focus on standardized and reproducible implementations (infrastructure as code with Terraform, package and dependency management with Helm, CI/CD with GitHub workflows and GitLab pipelines).

Organizations can use cloud solutions to modernize their applications and infrastructures to achieve greater efficiency, scalability and agility.

Cost Efficiency

With cloud solutions, you often pay only for the resources that are actually used. This can mean considerable cost savings compared to maintaining and updating hardware in your own data center.

Flexibility

Cloud platforms offer a wide variety of services and tools. New functions can be easily integrated without having to invest in additional hardware or infrastructure.

Reliability

Cloud providers usually operate a robust infrastructure with built-in redundancy and backup mechanisms to minimise the risk of downtime. On top of that, companies often have the option of taking additional measures to further improve availability.

“Cloud security is not just a technology, but a continuous process of adaptation and improvement.”

Joseph Steinberg (Cybersecurity Expert)

Selected Cloud Projects

 Bring Your Own Key (BYOK)

Our customer wants to use the cloud-native key and certificate management of its cloud provider, but at the same time fulfil the regulatory requirements for the secure management of cryptographic keys. In particular, keys should always be generated in-house and then transferred securely to the respective cloud application.

Keys are generated in-house in a newly set-up key management system (KMS). Our implementation enables the cryptographically secure transport of these keys to a hardware security module of the cloud provider.

The Bring Your Own Key (BYOK) approach offers a higher level of security for cloud data compared to key generation and management by the cloud provider. The customer retains full control over the lifecycle (generation, deletion, renewal, etc.) of all cryptographic keys. Key management is no longer an obstacle to migrating applications from/to different cloud providers and in-house operations.

 Cloud HSM

Our customer would like to operate a signature service on its own OpenShift cluster. However, the private keys required for the signature are to be generated and securely stored in a hardware security module (HSM).

To reconcile these fundamentally contradictory goals, we took advantage of server software offered by the HSM manufacturer that runs on Linux and communicates with the actual HSM over the network. This software was ported to OpenShift containers. The HSM state, which the provider's software stores on the local hard drive, was moved out to a database cluster.

Our customer received a highly available and scalable signature solution without having to compromise the security of the key material.

 Helm Charts for Kubernetes

Our customer uses complex third-party software on its own Kubernetes cluster. The installation and maintenance of this software is complex and involves considerable manual intervention in the customer's Kubernetes installation.

Helm charts are the solution of choice. With our expertise, the cumbersome installation and configuration process becomes a collection of versioned Helm charts stored in the Git repository.

The effort required for updates and configuration changes, as well as the creation of completely new environments for testing, is significantly reduced. This enables our customer to integrate the software into the in-house software development life cycle solution.